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Clause/Term Resolution and Learning in the Evaluation of 
Quantified Boolean Formulas 



Resolution is the rule of inference at the basis of most procedures for automated rea- 
soning. In those procedures, the input formula is first translated into an equisatisfiable 
formula in (;onjun(;tive normal form (CNF) and then represented as a set of elauses. De- 
duction starts by inferring new clauses by resolution, and goes on until the empty clause is 
generated or satisfiability of the set of clauses is proven, e.g., because no new clauses can 
be generated. 

In this paper, we restrict our attention to the problem of evaluating Quantified Boolean 
Formulas (QBFs). In this setting, the above outlined deduction process is known to be 
sound and complete if given a formula in CNF and if a form of resolution, called "Q- 
resohition" , is used. We introduce Q-rcsolution on terms, to be used for formulas in dis- 
junctive normal form. We show that the computation performed by most of the available 
procedures for QBFs -based on the Davis-Logemann-Loveland procedure (DLL) for prepo- 
sitional satisfiability- corresponds to a tree in which Q-resolution on terms and clauses 
alternate. This poses the theoretical bases for the introduction of learning, corresponding 
to recording Q-resolution formulas associated with the nodes of the tree. We discuss the 
problems related to the introduction of learning in DLL based procedures, and present 
solutions extending state-of-the-art proposals coming from the literature on prepositional 
satisfiability. Finally, we show that our DLL based solver extended with learning, performs 
significantly better on benchmarks used in the 2003 QBF solvers comparative evaluation. 

1. Introduction 

Resolution (Robinson, 1965) is the rule of inference at the basis of most procedures for 
automated reasoning (see, e.g., Fermiiller, Leitsch, Hustadt, & Tammet, 2001; Bachmair Sz 
Ganzinger, 2001). In these procedures, the input formula is first translated into an equisat- 
isfiable formula in conjunctive normal form (CNF) and then represented as a set of clauses. 
Deduction starts by inferring new clauses by resolution, and goes on until the empty clause is 
generated or satisfiability of the set of clauses is proven, e.g., because no new clauses can be 
generated. Here we restrict our attention to the problem of evaluating Quantified Boolean 
Formulas (QBFs). In this setting, the above outlined deduction process is known to be sound 
and complete if given a formula in CNF and if a form of resolution, called "Q-resolution" , 
is used (Kleine-Biining, Karpinski, & Flogel, 1995). However, most of the available decision 
procedures for QBFs are based on and extend the Davis-Logemann-Loveland procedure 
(DLL) (Davis, Logemann, & Loveland, 1962) for propositional satisfiability (SAT). In the 
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prepositional case, it is well known that the computation performed by DLL corresponds 
to a specific form of resolution called "regular tree resolution" (see, e.g., Urquhart, 1995). 

In this paper we introduce Q-resolution on terms, to be used for formulas in disjunctive 
normal form. We show that the computation performed by DLL based decision procedures 
for QBFs corresponds to a tree in which Q-resolution on terms and clauses alternate. Such 
correspondence poses the theoretical bases for the introduction of learning, corresponding 
to recording Q-resolution formulas associated with the nodes of the tree. In particular, 
recording Q-resolutions on clauses generalizes the popular "nogood" learning from con- 
straint satisfaction and SAT literatures (see, e.g., Dechter, 1990; Bayardo, Jr. Sz Schrag, 
1997): Each nogood corresponds to a set of assignments falsifying the input formula, and 
it is useful for pruning assignments to the existential variables. Recording Q-resolutions on 
terms corresponds to "good" learning: Each good corresponds to a set of assignments satis- 
fying the input formula, and it is useful for pruning assignments to the universal variables. 
We discuss the problems related to the introduction of learning in DLL based procedures for 
QBFs, and present solutions extending state-of-the-art proposals coming from the literature 
on SAT. To show the effectiveness of learning for the QBFs evaluation problem, we have 
implemented it in QuBE, a state-of-the-art QBE solver. Using QuBE, we have done some 
experimental tests on several real-world QBFs, corresponding to planning (Rintanen, 1999; 
Castellini, Giunchiglia, & Tacchella, 2003) and circuit verification (SchoU & Becker, 2001; 
Abdelwaheb Sz Basin, 2000) problems, which are our two primary application domains of 
interest. The results witness the effectiveness of learning. 

The paper is structured as follows. Wc first review the basics of Quantified Boolean 
Logic, at the same time introducing some terminology and notation that will be used 
throughout the paper. In Section 3, we introduce clause and term resolution, and their 
relation to DLL based decision procedures for QBFs. Then, in Section 4, we introduce both 
nogood and good learning, and then wc show how they can be effectively integrated in DLL 
based decision procedures for QBFs. The implementation and the experimental results are 
presented in Section 5. The paper ends with the conclusions and some related work. 

This paper builds on and extends in many ways our AAAI paper (Giunchiglia, Nariz- 
zano, & Tacchella, 2002). With respect to that paper, here {i) we introduce clause and 
term resolution; (ii) we show the correspondence between clause/term Q-resolution and the 
computation tree searched by DLL based decision procedures; {in) on the basis of such 
correspondence, we extend the basic backtracking search procedure, first with backjumping 
and then with learning, and we prove their soundness and completeness; (iv) we discuss the 
implementation in QuBE providing many more details, and (v) we present the results of a 
much broader and detailed experimental analysis. 

From here on, we simply write "resolution" for "Q-resolution" . 

2. Quantified Boolean Logic 

Consider a set P of symbols. A variable is an element of P. A literal is a variable or the 
negation of a variable. In the following, for any literal I, 

• |/| is the variable occurring in I; and 

• I is the negation of Hf / is a variable, and it is |^| otherwise. 
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For the sake of simplicity, we consider only formulas in negation normal form (NNF). 
Thus, for us, a propositional formula is a combination of literals using the fc-ary (k > 0) 
connectives A (for conjunctions) and V (for disjunctions). In the following, we use True and 
False as abbreviations for the empty conjunction and the empty disjunction respectively. 

A QBF is an expression of the form 

if = Q1Z1Q2Z2 . . .QnZn^ (n > 0) (1) 

where 

• every (1 < i < n) is a quantifier, either existential 3 or universal V, 

• zi, . . . ,Zn are distinct variables, and 

• $ is a propositional formula in zi, . . . , 
For example, 

3xiVy3x2((xi V y V X2) A (y V X2) A (xs V ((xi V y) A (y V X2)))) (2) 

is a QBF. 

In (1), Qizi . . . QnZn is the prefix and $ is the matrix. We also say that a literal / is 
existential if 3|/| belongs to the prefix, and it is universal otherwise. Finally, in (1), we 
define 

• the level of a variable Zj, to be 1 + the number of expressions QjZjQj+iZj+i in the 
prefix with j > i and Qj 7^ Qj+i ', 

• the level of a literal I, to be the level of 

For example, in (2) X2 is existential and has level 1, y is universal and has level 2, xi is 
existential and has level 3. 

The vaiue or semantics of a QBF (p can be defined recursively as follows: 

1. If the prefix is empty, then ip is evaluated according to the truth tables of propositional 
logic. 

2. If is 3xip, (p is true if and only if (px is true or ip^ is true. 

3. If (p is Vy^, ip is true if and only if both (py and (py are true. 
If is (1) and / is a literal with |/| = Zi, ipi is the QBF 

• whose matrix is obtained from <I> by substituting 

— Zi with True and Zi with False ii I = Zi, and 

— Zi with False and Zi with True if I = Zi. 

• whose prefix is Q1Z1Q2Z2 ■ ■ ■ Qi-i-Zj-iQi+i^^j+i . • • QnZn- 

It is easy to see that if 99 is a QBF without universal quantifiers, the problem of determining 
the value of p reduces to the SAT problem. 

Two QBFs are equivalent if they are either both true or both false. 
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3. Resolution and DLL Based Decision Procedures for QBFs 

In this section we first introduce clause/term resolution and DLL based decision procedures 
for QBFs, and then we show the correspondence between the two. 

3.1 Clause and Term Resolution 

According to our definition of QBF, the matrix can be any combination of conjunctions 
and disjunctions of literals. However, using common clause form transformations based on 
renaming — first used by Tseitin (1970) — , it is possible to perform a linear time conversion 

from an arbitrary QBF into an equivalent one with the matrix in conjunctive normal form 
(CNF). These conversions are based on the fact that any QBF (1) is equivalent to 

Q1Z1Q2Z2 ■ ■ ■ QnZn^x{{x V *) A $[x/^']) (n > 0) 

where 

• ^' is a propositional formula but not a literal; 

• X is a variable distinct from zi, Z2, ■ ■ ■ , Zn', and 

• is the propositional formula obtained from $ substituting one or more occur- 
rences of * with X. 

Thus, if * is 

((xi Vy) A(y VX2)) 
then it follows that (2) is equivalent to 

3xi\/y3x2^X3{{xi V y V X2) A (y V X2) A {x2 V X3) A (xi V y V X3) A (y V X2 V X3)) (3) 

Thanks to such conversions, we can restrict our attention to QBFs with the matrix 
in CNF, and represent the matrix of each formula as a set of clauses to be interpreted 
conjunctively, where a clause is a finite set of literals to be interpreted disjunctively. Further, 
we assume that each clause is non-tautological and minimal. A clause is tautological if it 
contains both a variable and its negation. A clause C is minimal if the literals in C with 
minimum level are existential. The minimal form of a clause C is the clause obtained from 
C by deleting the universal literals which cause C to be non-minimal. For instance, in 
(4), all the clauses are non-tautological and minimal. Our assumption that clauses are 
non-tautological and minimal is not a restriction, as the following theorem states. 

Theorem 1 Let (p be a QBF with the matrix in CNF. Let (p' be the QBF obtained from f 
by 

1. eliminating tautological clauses; and 

2. replacing each non-tautological and non-minimal clause with its minimal form, 
(p and ip' are equivalent. 
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Proof. Clearly, tautological clauses can be eliminated from and the result is an equivalent 
QBF. Let C = {/i, . . . , /„, In+i, ■ ■ ■ , Im} be a non-tautological and non-minimal clause in 
in which In+i, ■ ■ ■ ,lm are the universal literals in C\ 171171(0) {0 < n < m). Further, without 
loss of generality, we assume that the level of li is less than or equal to the level of Zj+i, 
1 <i < m. Then, ip has the form {p > m) 

. . . Ql\ll \ . . .3\ln\ ■ ■ ■ V|ln-|-l| • • ■^\lm\Qm+lZm+l ■ ■ 
standing for 

. ..Ql\ll\ . ..3\ln\ ■ --Wn+ll ■ ■ - ^llmlQm+lZm+l ■ ■■QpZp{{ll V ... V V ln+1 V . . . V Z,„) A 

Then, by applying standard rules for quantifiers, can be rewritten as 

...Ql\h\... . . . V|Z„+i| . ..y\lm\{{h V ... V /„ V ln+1 V ... V Z^) A Qm+lZm+1 ■ ■ ■ QpZp^), 

equivalent to 

(V|/m|(^l V. . .V/„V/„+i V. . .\/lm)^Wm\Qm+lZm+l ■ ■ ■ QpZp^), 



...Qi\h\...3\l 
equivalent to 
...Qi\h\...3\l 
equivalent to 
...Qi|/i|...3|/, 



■V|Zn+i| 

■V|Z„+i| 



((Zl V ... V V ln+1 V ... V Zm-l) A V|Z^|(3^+i2;^+i . . . QpZp^), 



^1 1 • • • "^ll'mlQ rn+l Zm+1 • • • 



i.e., the QBF obtained from 99 by deleting from the clause C. By iterating the above 
reasoning process, all the literals in C \ min{C) can be eliminated from C, and hence the 
thesis. □ 

From here on, a QBF is in CNF if and only if the matrix is a conjunction of clauses, 
and each clause is both minimal and non-tautological. If we represent the matrix of a QBF 
as a set of clauses, 

• the empty clause {} stands for FALSE; 

• the empty set of clauses {} stands for True; 

• the formula {{}} is equivalent to False; 

• the QBF (3) is written as 

3xi\/y3x23x3{{xi,y, X2}, {y, X2}, {x2, X3}, {xi,y, X3}, {y, X2, ^3}}- (4) 

Clause resolution (Kleine-Biining et al., 1995) is similar to an ordinary resolution where 
only existential literals can be matched. More precisely, clause resolution (on a literal I ) is 
the rule 

(5) 



min(C) 



where 
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(cl) {xi,y,X2} 

(c2) {y,X2} 

(c3) {X2,X3} 

(c4) {xi,y,X3} 



Input formula 
Input formula 
Input formula 
Input formula 



(c5) {xi}_ 

(c6) {x3,y} 

(c7) {xi} 

(c8) {} 



From (cl), (c2) 
From (c2), (c3) 
From (c4), (c6) 
Prom (c5), (c7) 



Table 1: A clause resolution deduction showing that (4) is false. The prefix is 3x1 Vy 3x2 3x3. 



• Hs an existential literal; 

• Cl, C2 are two clauses such that {1,1} C (Ci U C2), and for no literal I' 7^ I, {I', I'} C 
(Cl U C2); 

• Cis {CiUC2)\{l,l}. 

Cl and C2 are the antecedents, and min{C) is the resolvent of the rule. 

Theorem 2 ((Kleine-B lining et al., 1995)) Clause resolution is a sound and complete 
proof system for deciding QBFs in CNF: a QBF in CNF is true if and only if the empty 
clause is not derivable by clause resolution. 

For instance, the fact that (4) is false follows from the deduction in Table 1. 

Alternatively to the CNF conversion, we could have converted (2) into a QBF with the 
matrix in disjunctive normal form (DNF), again in linear time, on the basis that any QBF 
(1), is equivalent to 

Q1Z1Q2Z2 . . . QnZn^fyiiy A V ^y/^) (n > 0), 

assuming is a propositional formula but not a literal, and that y is a variable distinct 
from Zi,Z2, ...,Zn- 

A simple recursive application of the above equivalence to (2) leads to the following 
equivalent QBF: 

3xiVy3x2VyiVy2Vy3Vy4V?/5Vy6((yi A y2 A y3)V 

(yi Axi) V(yi Ay) V(yi AX2)V 
(1/2 Ay) V (y2 AX2)V 

(yg A X2) V (yg A y4)V (6) 

(¥4 A y5 A y6)V 

(I/5 Axi) V(y5Ay)V 

(ye Ay) V(y6Ax2)). 

Given a QBF with the matrix in DNF, we can represent the matrix as a set of terms 
to be interpreted disjunctively, where a term is a finite set of literals to be interpreted 
conjunctively. Further, we can assume that each term is non-contradictory and minimal. A 
term is contradictory if it contains both a variable and its negation. A term T is minimal 
if the literals in T with minimum level are universal. The minimal form of a term T is the 
term obtained from T by deleting the existential literals which cause T to be non-minimal. 
All the terms in (6) are non-contradictory and minimal. Analogously to what we have said 
before for QBFs in CNF, if is a QBF in DNF then we can assume that all the terms are 
non-contradictory and minimal without loss of generality. 
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Theorem 3 Let ip be a QBF with the matrix in DNF. Let ip' be the QBF obtained from 
by 

1. eliminating contradictory terms; and 

2. replacing each non- contradictory and non-minimal term with its minimal form, 
if and ip' are equivalent. 

Proof. Analogous to the proof of Theorem 1. □ 

As before, from here on, a QBF is in DNF if and only if the matrix is a disjunction of 

terms, and each term is both minimal and non-contradictory. 

We can introduce term resolution (on a literal I ) which consists of the rule 

Ti n 

min{T) 

where 

• Z is an universal literal; 

• Ti, T2 are two terms such that {1,1} C (Ti U T2), and for no literal V ^ /, {Z',F} C 
(TiUTa); 

• Tis (riUT2)\ {/,!}. 

Ti and T2 are the antecedents, and min{T) is the resolvent of the rule. 

Theorem 4 Term resolution is a sound and complete proof system for deciding QBFs in 
DNF: a QBF in DNF is true if and only if the empty term is derivable by term resolution. 

Proof. The fact that term resolution is a sound and complete proof system follows from 
the soundness and completeness of clause resolution. 

Let $ be a set of sets of literals, and (p = Q1Z1Q2Z2 . . ■ QnZn^ be a QBF in which $ is 
interpreted as a set of clauses. Without loss of generality we can assume that each clause 
in # is non-tautological and minimal. Then the following chain of equivalences holds: 

There exists a deduction A of the empty clause from ip using clause resolution 

if and only if 

ip is false 
if and only if 

The QBF Ip = Q1Z1Q2Z2 ■ ■ . QnZn^ in which $ is interpreted as a set of terms is true 

if and only if 

A is a deduction of the empty term from ^ using term resolution. 
In the above chain of equivalences, Q is 3 if Q = V, and is V if Q = 3. □ 

As an example of a term resolution deduction of the empty term, consider the QBF Ip: 

Va;i3j/Vx2Vx3((xi A y A X2) V (y A X2) V (x2 A X3) V (xi A y A X3) V (y A 0:2 A X3)) 
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i.e., the QBF obtained from (3) by simultaneously replacing V with 3, 3 with V, A with V, 
and V with A. Then, the deduction in Table 1 is also a deduction of the empty term from 
Tp using term resolution. 

If the QBF Lp is not in DNF but in CNF then term resolution cannot be applied, and 
thus term resolution is not sufficient for proving the truth or falsity of (p. However, if we 
also have the following model generation rule 

min{T) 

where 

• $ is the matrix of (p; and 

• T is a non-contradictory term such that for each clause C G C fl T 7^ 0, 

we get a sound and complete proof system for QBFs in CNF. Intuitively, the model gen- 
eration rule allows us to start from the minimal form of terms which propositionally entail 
the matrix of the input formula. 

Theorem 5 Term resolution and model generation is a sound and complete proof system 
for deciding QBFs in CNF: a QBF in CNF is true if and only if the empty term is derivable 
by term resolution and model generation. 

Proof. Given a QBF (p in CNF with matrix $, by the model generation rule we can derive 
a set ^ of terms of the form min(T) such that 

• each term T is a non-contradictory and such that for each clause C E ^, C HT ^ $; 
and 

• the disjunction of all the terms in ^ is propositionally logically equivalent to 

Let (p' be the QBF in DNF obtained by substituting $ with ^ in ip. ip and ip' have the 
same value. Hence the thesis thanks to Theorem 4. □ 



3.2 DLL Based Decision Procedures for QBFs 

Given what we have said so far, an arbitrary QBF p can be converted (in linear time) into 
an equivalent QBF in CNF. Because of this, from here to the end of the paper, we restrict 
our attention to QBFs in such format. With this assumption, if ip is (1) and I is a literal 
with \l\ = Zi, we redefine ipi to be the QBF 

• whose matrix is obtained from $ by removing the clauses C with I G C, and by 
removing I from the other clauses; and 

• whose prefix is Q1Z1Q2Z2 ■ ■ ■ Qi-iZi-iQi+iZi+i . . . QnZn- 
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Further, we extend the notation to sequence of Hterals: If /x = Zi; Z2; ■■■'■,1m ('ti > 0), ip^ is 
defined as (. . . (((^^ J^J . . 
Consider a QBF ^p. 

A simple procedure for determining the value of (p starts with the empty assignment e 
and recursively extends the current assignment ji with z and/or z, where 2; is a heuristically 
chosen variable at the highest level in (^^, until either the empty clause or the empty set of 
clauses are produced in p>^. On the basis of the values of (/^^.^ and ^^-^z^ the value of ip^ can 
be determined according to the semantics of QBFs. The value of ip is the value of (pe- 

Cadoli, Giovanardi, Giovanardi and Schaerf (2002) introduced various improvements to 
this basic procedure. 

The first improvement is that wc can directly conclude about the value of ip^ if the 
matrix of 'p^ contains a contradictory clause (Lemma 2.1 in Cadoli et al., 2002). A clause 
C is contradictory if it contains no existential literal. An example of a contradictory clause 
is the empty clause. 

The second improvement allows us to directly extend ^ with Z if / is unit or monotone 
in (Lemmas 2.4, 2.5, 2.6 in Cadoli et al., 2002). In (1), a literal I is: 

• Unit if I is existential and for some m > 0, 

— a clause {Z, Zi, . . . , Z^} belongs to and 

— each literal Zj (1 < z < m) is universal and has a level lower than the level of Z. 

• Monotone or pure if 

— either Z is existential, I does not belong to any clause in $, and I occurs in 

— or Z is universal, Z does not belong to any clause in and I occurs in 

For example, in a QBF of the form 

. . . 3xiVy3x2 . . . {{xi, ?/}, {X2}, . . .}, 
both x\ and X2 are unit. In the QBF 

Vy 1 3x 1 Vy2 3x2 { {y 1 , 2/2 , 3^2 } , { a; 1 , y 2 > ^2 } } , 

the only monotone literals are yi and xi. 

With such improvements, the resulting procedure, called Q-DLL, is essentially the one 
presented in the work of Cadoli, Giovanardi, and Schaerf (1998), which extends DLL in 
order to deal with QBFs. Figure 1 is a simple, recursive presentation of it. In the figure, 
given a QBF p, 

1. False is returned if a contradictory clause is in the matrix of (p^ (line 1); otherwise 

2. True is returned if the matrix of ip^ is empty (hue 2); otherwise 

3. at line 3, fi is recursively extended to /Lt; Z if Z is unit (and we say that I has been 
assigned as unit); otherwise 
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function Q-DLL{(p, n) 

1 if ((a contradictory clause is in the matrix of (f/j,)) return False; 

2 if ((the matrix of ip^ is empty)) return True; 

3 if {{I is unit in (^^)) return Q-DLL{ip, 

4 if ((/ is monotone in ^p^)) return Q-DLL((p, fi;l); 

5 I := {a literal at the highest level in (f^); 

6 if {{I is existential)) return Q-DLL{ip, or Q-DLL{if,ii]l); 

7 else return Q-DLL{ip, and Q-DLL{ip, 

Figure 1: The algorithm of Q-DLL. 

4. at line 4, /x is recursively extended to /x; Z if Z is monotone (and we say that I has been 
assigned as monotone) ; otherwise 

5. a literal I at the highest level is chosen and 

• If Z is existential (line 6) , /x is extended to /x; I first (and we say that I has been 
assigned as left split). If the result is False, /x;I is tried and returned (and in 
this case we say that I has been assigned as right split) . 

• Otherwise (line 7), I is universal, /i is extended to first (and we say that I 
has been assigned as left split). If the result is True, /x;Z is tried and returned 
(and in this case we say that I has been assigned as right split) . 

Theorem 6 Q-DLL((p,e) returns True if tp is true, and False otherwise. 

Proof. Trivial consequence of Lemmas 2.1, 2.4, 2.5, 2.6 in the work of Cadoli, Giovanardi, 
Giovanardi, and Schaerf (2002) and of the semantics of QBFs. □ 

Given what we have said so far, it is clear that Q-DLL evaluates if by generating a 
semantic tree (Robinson, 1968) in which each node corresponds to an invocation of Q-DLL 
and thus to an assignment fi. For us, 

• an assignment (for a QBF (p) is a possibly empty sequence ^ = li;l2; . . . ;lm {m>0) 
of literals such that for each Zj in /x, Zj is unit, or monotone, or at the highest level in 

^h;h;...;li-i'-> 

• the (semantic) tree representing a run of Q-DLL on tp is the tree 

— having a node /x for each call to Q-DLL{(p, /x); and 

— an edge connecting any two nodes /x and /x; Z, where I is a literal. 

Any tree representing a run of Q-DLL has at least the node e. 

As an example of a run of Q-DLL, consider the QBF (4). For simplicity, assume that 
the literal returned at line 5 in Figure 1 is the negation of the first variable in the prefix 
which occurs in the matrix of the QBF under consideration. Then, the tree searched by 
Q-DLL when (p is (4) can be represented as in Figure 2. In the figure: 
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{{xi,y, X2}, {xi,y, X3}, {y, X2}, {y, X2,X3}, {x2, X3}} 



{{y, X3}, {y, X2}, {y, X2, Xs}, {X2,X3}} 



(xi,r) 

{{y, X2}, {y, X2}, {y, X2, X3}, {X2,X3}} 





{{}} 



Figure 2: The tree generated by Q-DLL for (4). The matrix of (4) is shown at the root 
node, and the prefix is 3a;iVy3x23a;3. U, P, L, R stand for "unit", "pure", "left 
spht" , "right spUt" respectively, and have the obvious meaning. 



• Each node is labeled with the literal assigned by Q-DLL in order to extend the as- 
signment built so far. Thus, the assignment corresponding to a node is the sequence 
of labels in the path from the root to the node. For instance, the assignment corre- 
sponding to the node with label X3 is xi;y; X3. 

• When literals are assigned as unit or monotone, the corresponding nodes are aligned 

one below the other. Further for each assigned literal I, we also show whether / 
has been assigned as unit, monotone, left or right split by marking it as u, P, L, R 
respectively. 

• When / has been assigned as a left or right split, we also show the matrix of <^^;i, 
where // is the sequence of literals assigned before I. 

• When the node ^ is a leaf, then the matrix of ipfj_ is either empty (in which case we 
write "{}" below the node), or it contains a contradictory clause (in which case we 
write "{{}}" below the node). 

Considering Figure 2, it is easy to see that Q-DLL would correctly return False, mean- 
ing that (4) (and thus also (2)) is false. 

3.3 Resolution and DLL Based Decision Procedures for QBFs 

The well known correspondence in SAT between semantic trees and resolution (see, e.g., 
Urquhart, 1995) gives us the starting point for our analysis, aimed to establish a correspon- 
dence between Q-DLL and clause/term resolution. 

Consider a QBF ip. Let 11 be the tree explored by Q-DLL for evaluating ip. 

For the time being, assume that we are dealing with a SAT problem, i.e., tp does not 
contain universal quantifiers. Then, Q-DLL reduces to DLL, and if (p is false then we can 
use n to generate a clause resolution deduction of the empty clause from ip. The basic idea 
is to associate with each node of 11 a clause C which is /i-falsified, i.e., such that for each 
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literal / € C, / is in /i. (We say that a literal I is in or lias been assigned by Zi; . . . ; if and 
only if / G {Zi, . . . , Im})- More precisely: 

• With every leaf /i of IT, we associate an arbitrarily selected clause in the matrix of 

which is /x-falsified. At least one such clause exists because contains the empty 
clause. 

• If C is the clause associated with a node ^-,1, then 

1. If I C then C is also the clause associated with /x. Notice that if I is monotone 
in ipf^ then J ^ C. 

2. If I G C and I is unit in ip^ then the clause associated with is the resolvent of 
C and an arbitrarily selected clause of (p which causes I to be unit in ipfj,. 

3. If I G C and I is not unit in (p^ then we have to consider the clause C associated 

with the node fi;!. If Z ^ C" then C is the clause associated with n (as in the 
first case). If Z G C", the clause associated with jj, is the resolvent of C and C. 

Lemma 1 Let ip he a QBF without universal quantifiers. Let 11 he the tree searched by 
Q-DLL(ip,e). Let jx he an assignment for ^p. Lf (p^ is false, then the clause associated with 
the node /lofH 

• is ^-falsified; and 

• does not contain existential literals whose negation has heen assigned as monotone 
in II. 

Proof. Let S be the set of assignments in 11 which extend /x. Clearly, for each assignment 
fi' G S, ipf^i is false {ip does not contain universal quantifiers). On 5, we define the partial 
order relation >^ according to which two assignments jj! and jx" in S are such that /x' >z n" 
if and only if /i' extends fi" . Clearly >z is well founded and the minimal elements are the 
assignments extending /x and corresponding to the leaves of 11. 

If jj! extends and is a leaf of 11, then ip^i contains a contradictory clause C. Since 
ip does not contain universal quantifiers, C is //'-falsified and is associated with the node 
Ijl' . Clearly, C does not contain existential literals whose negation has been assigned as 
monotone. 

By induction hypothesis, for each assignment jJ = I >_ /u" in S we have a /x'-falsified 
clause not containing existential literals whose negation has been assigned as monotone. 
We have to show the thesis for //". There are three cases: 

1. Z has been assigned as unit. Let C\ be the clause associated with /x";Z. By induction 
hypothesis, the thesis holds for C\. If C\ does not contain Z, the thesis trivially follows. 
Otherwise, the clause associated with is the resolvent C of C\ with a clause C2 
that causes Z to be unit in ip^ji. C2 is /x"; Z-falsified and it does not contain existential 
literals whose negation has been assigned as monotone. C = Ci U C2 \ {Z, 1} and thus 
the thesis trivially holds. 

2. Z has been assigned as monotone. In this case the clause C associated with /i" is the 
same clause associated with /u"; Z. By induction hypothesis C does not contain Z and 
thus C is //"-falsified. 
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3. / is a split. In this case we have a clause Ci associated with fi"; I and a clause C2 
associated with fi"; I. The thesis holds for both Ci and C2 by induction hypothesis. 
If Ci does not contain I, then the clause associated with ji" is Ci and the thesis 
trivially holds. Otherwise, if C2 does not contain I, then the clause associated with 
/u" is C2 and again the thesis trivially holds. Otherwise, the clause associated with /x" 
is Ci U C2 \ {1,1} and again the thesis trivially holds. 

□ 

Theorem 7 Let ip be a false QBF without universal quantifiers. The tree searched by Q- 
DLL(if,e) corresponds to a clause resolution deduction of the empty clause. 

Proof. Let A be a sequence of clauses obtained by listing the clauses in the matrix of (p 
according to an arbitrary order, followed by the clauses associated with the internal nodes 
of the tree 11 searched by Q-DLL{ip,e), assuming 11 is visited in post order. Clearly, A is 
a deduction. A is a deduction of the empty clause because the node e has an associated 
e-falsified clause (Lemma 1), i.e., the empty clause. □ 

The theorem points out the close correspondence between the computation of Q-DLL 
and clause resolution, assuming the input formula is false and that it does not contain 
universal quantifiers. If the input formula does not contain universal quantifiers but is true, 
still the tree explored by Q-DLL before generating the path ending with the empty matrix 
corresponds to a sequence of clause resolutions, one for each maximal subtree whose leaves 
fx are such that ip^ contains an empty clause. 

If we no longer assume that the input formula (p does not contain universal quantifiers, 
and consider the case in which is an arbitrary QBF, the situation gets more complicated, 
also because of the possibility of assigning unit literals which are not at the highest level. 
So, we now assume that if a literal I is assigned as unit at a node n, then I is at the highest 
level in 

Then, if the input formula ip is false, we can again use the tree 11 searched by Q-DLL to 
generate a clause resolution deduction of the empty clause. The construction is analogous 
to the one described before. The only difference is that we have to restrict our attention 
to the minimal false subtree of 11, i.e., the tree obtained from 11 by deleting the subtrees 
starting with a left split on a universal literal: These subtrees are originated from "wrong 
choices" when deciding which branch to explore first. In the minimal false subtree 11' of 11, 
all the leaves terminate with the empty clause, and we can associate with each node of 11' a 
clause exactly in the same way described above for the SAT case. For instance, if (p is (4), 
then Q-DLL assigns unit literals only when they are at the highest level. Figure 3 shows 
the minimal false subtree of Q-DLUs computation, and the associated clause resolution 
deduction of the empty clause. In the figure, 

• the clause associated with each node is written in red and to the right of the node 
itself; 

• when a node corresponds to the assignment of a unit literal I, a clause of (p which 
causes / to be unit at that node (used in the corresponding clause resolution) is written 
in red and to the left of the node. 
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{{xi,y, X2}, {xi,y, x-i}, {y, X2}, {y, X2, X3}, {x2, X3}}{} 
, \ , 



{xi,l) {xi} 



{xi,r) {xi} 



{{y, X3}, {y, X2}, {y, X2, X3}, {x2, X3}} {{y, X2}, {y, X2}, {y, X2,X3}, {x2, X3}} 
I , I , 



{y,R) {xi} 

{xi,y,X3}{x3,V){xi} 

{y,X2}{x2,v){y, X3} 

{{}} {X2,X3} 



(y,R) {xi} 

{Xl,y, X2}{x2,V){xi} 

{{}} {y,x2} 



Figure 3: The clause resolution corresponding to the tree generated by Q-DLL for (4). The 
prefix is 3xiVy3x23j;3. 



Lemma 2 Let ip be a false QBF. Let 11 he the minimal false subtree of the tree searched by 
Q-DLL(ip, e) and assume that for each node fi; I in U, if I is unit in 93^ then I is also at the 
highest level in ipf^. Let fj, be an assignment for if. If is false, then the clause associated 
with the node /i o/II 

• is ^-falsified; and 

• does not contain existential literals whose negation has been assigned as monotone 
in fi. 

Proof. Trivial extension of the proof of Lemma 1. The assumption that for each node fi; I 
in n, if I is unit in 93^ then I is at the highest level in ip^, ensures that each clause associated 
with a node of 11 is /x-falsified. □ 



Theorem 8 Let ip he a false QBF. Let 11 be the minimal false subtree of the tree searched 
by Q-DLL(ip,e) and assume that for each node fi;l in H, if I is unit in tp^ then I is also at 
the highest level in ip^. Then 11 corresponds to a clause resolution deduction of the empty 
clause. 

Proof. Given Lemma 2, the proof is analogous to the one of Theorem 7. □ 

Regardless of whether the input formula is true or false, the tree explored by Q-DLL 
may contain (exponentially many) subtrees whose nodes /i are such that <p^ is false. The 
procedure described above, allows us to associate a clause resolution deduction with each 
of such subtrees. 

If the input formula (/? is true, the situation is simpler because so far we do not have "unit 
universal literals", and we can use the tree 11 searched by Q-DLL to generate a deduction 
of the empty term from ip. Intuitively, the process is analogous to the one described when 
(p is false, except that the leaves of our term resolution deduction are terms corresponding 
to the assignments computed by Q-DLL and entailing the matrix of (p. In details: 
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• First, we have to restrict our attention to the minimal true subtree of 11, i.e., the tree 
obtained from IT by deleting the subtrees starting with a left split on an existential 
literal: Analogously to the the case in which (p is false, each leaf in a minimal true 
subtree of 11 terminates with the empty matrix. 

• Second, we associate with each node /x a term, represented as a set, as follows: 

— The term associated with each leaf is a minimal term miniT) in which 

1. does not contain universal literals assigned as monotone, 

2. has to propositionally entail the matrix, i.e., for each clause C in the matrix 
of T n C 7^ 0, and 

3. has to be a subset of the literals in /x, i.e., T C {Z : / is in /x}. 

— If T is the term associated with a node /x; Z, then 

1. If Z ^ T then T is the term associated with the node ji. Notice that if I is 
either existential or both universal and monotone in (/?^, then I ^ T. 

2. If / G T then we have to consider also the term T' associated with the node 

If I r' then T' is the term associated with ji (as in the first case). If 
I eT', the term associated with fj, is the resolvent of T and T'. 

It is easy to see that the term T associated with a node n is fx-entailed: Each literal in T 
is also in /it. 

Lemma 3 Let ip he a true QBF. Let li he the minimal true subtree of the tree searched by 
Q-DLL(ip,e). Let ji be an assignment for ^p. If ip^ is true, then the term associated with 
the node /lofH 

• is n- entailed; and 

• does not contain universal literals assigned as monotone. 

Proof. Analogous to the proof of Lemma 2. □ 

Theorem 9 Let ip be a true QBF. Let H the minimal true subtree of the tree searched by 
Q-DLL((p,e). Then U corresponds to a model generation and term resolution deduction of 
the empty term. 

Proof. Let A be the sequence of terms obtained by listing the terms associated with the 
nodes of 11 visited in post order. Clearly, A is a model generation and term resolution de- 
duction. A is a deduction of the empty term because the node e has an associated e-entailed 
term (Lemma 3), i.e., the empty term. □ 

As before, regardless of whether the input formula is true or false, the tree explored 
by Q-DLL may contain (exponentially many) subtrees whose nodes are associated with 

1. For the sake of efficiency, it is also important that the term T satisfies other properties. However, they 
are not necessary for the time being, and will be discussed in the next section. 
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{{xi,y, X2}, {xi,y, X3}, {y, X2}, {y, X2, X3}, {x2, X3}} 
, I 



{xi,l) 



(xi,r) 



{{y, X3}, {y, X2}, {y, X2,X3}, {x2, X3}} {{y, X2}, {y, X2}, {y, X2, x^}, {x2, X3}} 

1 ' ■ ' 



{y, L) {y} 
{x2,p){y} 
{y,x2} {} {y} 



{y, L) {y} 
{x2,p){y} 

{y,X2} {} {y} 



Figure 4: The term resolutions corresponding to the tree generated by Q-DLL for (4). The 
prefix is 3xiVy3x23j;3. 



{{xi,y, X2}, {xi, y, xs}, {y, X2}, {y, X2, X3}, {a;2, X3}}{} 
, \ , 



{xi,l) {xi} 

{{y, X3}, {y, X2}, {y, X2,X3}, {X2,X3}} 



(y>L){|/} {y,R) {Xi} 

{x2,P){y} {xi,y,X3}(x3,u){xi} 
{y,x2} {} {y} {y,X2}{x2,V){y,X3} 

{{}} {X2,X3} 



(xi,r) {xi} 

{{y, X2}, {y,x2}, {y, X2, X3}, {x2, X3}} 



(y,L){y} {y,R){xi} 
(X2,P){|7} {xi,y,X2}(x2,u){xi} 

{y,x2} {} m {{}}{y,x2} 



Figure 5: The resolution corresponding to the tree generated by Q-DLL for (4). The prefix 
is 3xi\/y3x2^X3. 



assignments ^ with being true. The above described procedure allows us to associate 
a term resolution deduction with each of such subtrees. For instance, if (p is (4) there are 
two maximal such subtrees, having roots xi;y and xi;y. The associated deductions are 
represented in Figure 4. In the figure, 

• we represent also the nodes along the path from the root to the subtrees, 

• the term associated with each node is written in green and to the right of the node 
itself, 

• if ^ is a leaf, a non-contradictory term T entailing the matrix and whose minimal 
form min{T) is associated with fi, is written in green and to the left of /i. 

Merging the trees in Figures 3 and 4 we obtain the whole tree of deductions correspond- 
ing to the search tree explored by Q-DLL (represented in Figure 5) in which clause and 
term resolutions are intermixed. 
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Now we consider the case in which the input QBF (/? is false and we no longer assume 
that literals are assigned as unit only if they are at the highest level. We restrict our 
attention to the minimal false subtree 11 of the tree searched by Q-DLL((p,e). Then, the 
procedure described above for associating a clause with each node of 11 may no longer work. 
For one thing, given a leaf fi, there may be no /i-falsified clauses in the matrix of the input 
formula. However, we are guaranteed about the existence of a /u-contradicted clause in the 
matrix of the input formula. A clause C is ^-contradicted 

• for each literal / in C, / is not in /x; and 

• for each existential literal / in C, I is in fj,. 

As long as we can associate with each node of FL a /i-contradicted clause (either belonging 
to the matrix of 93 or obtained by clause resolution) FT corresponds to a clause resolution 
deduction of the empty clause: Indeed the clause associated with the root of FT has to be 
empty (remember that the resolvent of a clause resolution is in minimal form). Thus, the 
obvious solution is to try to associate 

1. with each leaf /x a /u-contradicted clause in the input formula, and 

2. with each internal node fj, a ^-contradicted clause obtained by resolving input clauses 
and/or previously deduced clauses along the same lines outlined before. 

In some cases the process runs smoothly. Consider for instance, a QBF of the form: 

3xi3x2V?/3x3{{xi, X3}, {x2,xs}, {x2, y, x^}, . . .}. (7) 

Then, if we assume that a split on xi occurs first, the following path will be explored (we 
are using the same conventions of Figure 3): 

(^3,U) 
{{}} 

and the clause associated with each node are: 

{xi,xs} {X3,V) 
{X2,X3} {X2,V) 
{{}} 

where we see that: 

1. the clause associated with the leaf /i = xi ; X3 ; X2 is not ^-falsified but is /U-contradicted; 
and 

2. With respect to the definition of "contradictory clause" given in Section 3.2, it is clear that a clause C is 
contradictory if and only if it is e-contradicted. Further, for any QBF ip and assignment fi, there exists 
a /x-contradicted clause in the matrix of if, if and only if contains a e-contradicted clause, if and only 
if contains a contradictory clause. 
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function Rec-C-Resolve{ip, Ci, C2, /i) 

1 S := {I : I e Ci,l e C2}; 

2 if (5 = 0) return C-Resolve{Ci, C2); 

3 /i := (an existential literal in Ci with level < than the level of all the literals in Ci}); 

4 C := (a clause in ip which causes li to be unit in tp^', where fx'; li is a prefix of fi); 

5 C3 := C-Resolve{Ci,C); 

6 return Rec-C-Resolve{(p, C3, C2, /, /x). 

Figure 6: The algorithm of Rec-C-Resolve. 

2. we are able to associate with each node fi a /i-contradicted clause. 

Unfortunately, in some cases things do not run so smoothly, i.e., it may not be possible 
to associate a clause to an internal node by a simple single resolution between input and/or 
previously deduced clauses. Indeed, some clause resolutions may be blocked because of 
universal variables occurring both as y and y in the clauses to be used for the resolution. 
Consider for instance a QBF of the form (obtained from (7) by replacing the clause {x2, X3} 
with {x2,y, X3}): 

3xi3x2Vy3x3{{xi, xs}, {x2,y, X3}, {x2, y, X3}, . . .}. (9) 
Then, (8) would be still a valid path, and the corresponding clause resolutions would be: 

(xi,l) 

{xi,X3} (X3,U) 
{^2, 27,3^3} {X2,V) ... 

{{}} {x2,y,X3} 

where it is not possible to perform the clause resolution associated with the node having 
label (x2,u). As in the example, a clause resolution (5) may be blocked only because of 
some "blocking" universal literal / 

• with both / and I not in /x, and 

• with / € Ci and I G C2. 

Since both Ci and C2 are in minimal form, this is only possible if both Ci and C2 contain 
an existential literal /' 

• having level less than or equal to the level of all the other literals in the clause; and 

• assigned as unit. 

Then, the obvious solution is to get rid, e.g., of the blocking literals / in Ci by resolving 
away from Ci the existential literals with a level lower than the level of I. 

This is the idea behind the procedure Rec-C-Resolve in Figure 6. In the figure, we 
assume that 

1. ip is the input QBF; 
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2. |Lt; Hs an assignment; 

3. / is an existential literal which is either unit or at the highest level in (^^; 

4. Ci is a clause containing I, in minimal form and (i; /-contradicted; 

5. C2 is a clause containing I, in minimal form and /i; I-contradicted. Further, if / is unit 

in ifi^, then C2 is a clause which causes I to be unit in 99^; 

6. C-Resolve{C\,C2) returns the resolvent of the clause resolution between the two 
clauses C\ and C2. 

From here on, if {ip,Ci,C2,l, /j) satisfies the first 5 of the above conditions, we say that 
the pair (Ci,C2) is to be ^\l-Rec-C-Resolved (in (p). Given two clauses (Ci,C2) to be 
H; l-Rec-C-Resolved: 

1. The set S of universal literals blocking the clause resolution between Ci and C2 is 
computed (line 1). 

2. If 5 is empty, then we can simply return the resolvent between Ci and C2 (line 2); 
otherwise 

3. we pick an existential literal h in Ci having minimum level in Ci (line 3): li has 

been assigned as unit earlier in the search, and we consider a clause C which caused 
h to be assigned as unit (line 4). If C3 is the resolvent between Ci and C (line 5), 
Rec-C-Resolve{ip,Cs,C2,l, fJ.) is returned (line 6). 

If (Ci, C2) are to be //; l-Rec-C-Resolved in ip, Rec-C-Resolve{ip, Ci, C2, 1, //) returns a mini- 
mal clause which is ;u-contradicted and without existential literals whose negation has been 
assigned as monotone in fi. This is formally stated by the following lemma. 

Lemma 4 Let C\ and C2 he two clauses such that (Ci,C2) is to he fi; l-Rec-C-Resolved in 
a QBF (f. Rec-C-Resolve(ip, Ci, C2, 1, fJ,) terminates and returns a clause 

• in minimal form and ^i- contradicted; and 

• which does not contain existential literals whose negation has been assigned as mono- 
tone in fi. 

The proof of the lemma is quite long and it is reported in the appendix. 

Assuming that the input QBF (p is false, the construction of the deduction of the empty 
clause (associated with the minimal false subtree 11 of the tree searched by Q-DLL) is the 
following: 

• With every leaf /x of 11, we associate a clause C in the input formula which is /x- 

contradicted. 

• If C is the clause associated with a node /x; I, then 

1. If I ^ C or if Z is universal then C is the clause associated with the parent of 
I, i.e., with the node f^. Notice that if / is existential and monotone in (pf^ then 
l^C. 
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2. If I € C and / is unit in ^p^ then the clause associated with the node ^ is the 
result of Rec-C-Resolve{if,C,C',l,^), where C is a clause of ip which causes / 
to be unit in p^. 

3. If I G C, Z is existential and not unit in cp^, then we have to consider also the 
clause C associated with the node fj,; 1. If Z ^ C' then C' is the clause associated 
with /u (as in the first case). If / G C , the clause associated with the node /j, is 
the result of Rec-C-Resolve{ip, C, C, I, /i). 

In our example, if p is (9) and with reference to the deduction in (10), the blocked resolu- 
tion is the one associated with the node xi; X3; X2. Rec-C-Resolve{ip, {x2,y, X3}, {x2,y, X3}, X2, xi; X3) 

1. at line 5, resolves {x2,y,X3} and {xi;x3}, and the resolvent C3 is m.in{{xi, X2,y}) = 
{xi, X2}; and 

2. the following recursive call to Rec-C-Resolve{ip, {xi, X2}, {x2,y, 2:3}, X2, xi; X3) at line 6 
returns {xi,y, X3}. 

Thus, the clause associated with each node are: 

(xi,l) {xi} 

{xi,X3} (X3,U) {xi} 
{x2,y,X3} (X2,U) {xi,y,X3} 
{{}} {x2,y,X3} 

Notice that, with reference to Figure 6, the choice of eliminating the blocking literals 
in Ci while maintaining C2 invariant, is arbitrary. Indeed, we could eliminate the blocking 
literals in C2 and maintain Ci invariant. In the case of the deduction in (10), this amounts 
to eliminate the universal literal y in {x2,y, X3}: By resolving this clause with {xi,X3} on 
X3, we get the resolvent {xi,X2}, which leads to the following legal deduction: 

(xi,l) {xi} 

{xi,X3} (X3,U) {xi} 
(Prom {x2,y,X3}, {xi,X3}) {xi,X2} (X2,U) {xi,y,X3} 

{{}} {x2,y,xs} 

Lemma 5 Let ip be a false QBF. Let 11 he the minimal false subtree of the tree searched by 
Q-DLL(p,e). Let fi be an assignment for p. If p^ is false, then the clause associated with 
the node fj,ofIl 

• is in minimal form and ^i- contradicted; and 

• does not contain existential literals whose negation has been assigned as monotone 
in fi. 

Proof. By construction, each clause associated with a leaf /x of 11 is /i-contradicted. We 
now show that also the clause C associated with an internal node /x of 11 is /u-contradicted, 
assuming that the clause C associated with its child ^u; / is /x; /-contradicted. If /x has also a 
child fi; I, we also assume that the clause C" associated with its child /x; I is fi; I-contradicted. 
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1. If I ^ C or if I is universal then C = C . Hence, C is in minimal form. Since I ^ C 
or I is universal, C is ^u; /-contradicted if and only if C is /U-contradicted. The thesis 

follows because C = C . 

2. If I G C' and I is unit in (p^ then C =Rec-C-Rcsolvc(ip, C , C" , I, fi) , where C" is a 
clause of (p which causes / to be unit in 93^. The thesis follows from Lemma 4. 

3. If I G C, / is existential and not unit in ip^, then we have to consider also the clause 
C associated with the node n; I. Assuming / G C (otherwise we would be in the first 
case), the clause associated with /x is the result of Rec-C-Resolve{(p, C,C',l,iJ,). As in 
the previous case, the thesis follows from Lemma 4. 

□ 

Theorem 10 Let ip be a false QBF. Let 11 he the minimal false subtree of the tree searched 
by Q-DLL(p,e). Then H corresponds to a clause resolution deduction of the empty clause. 

Proof. Given Lemma 5, the proof is analogous to the one of Theorem 7. □ 



4. Backjumping and Learning in DLL Based Procedures for QBFs 

In this section we first show that computing the resolvent associated with each node allows 

to backjump some branches while backtracking (Subsection 4.1). Then, we show that 
learning resolvents allows to prune the search tree in branches different from the ones in 
which resolvents were computed and learned (Subsection 4.2). 

4.1 Conflict and Solution Directed Backjumping 

The procedure described in Section 3.2 uses a standard backtracking schema whenever the 
empty clause (resp. matrix) is generated: Q-DLL will backtrack up to the first existential 
(resp. universal) literal assigned as left split. For instance, given the QBF 

Vyi3xiVj/23a;23x3{{yi, y2, -^2}, {yi, 1/2, 2:2, S3}, {yi, X2, X3}, 

{yi,xi,X3},{yi,y2,X2},{yi,y2,X2},{yi,xi,y2,X3}}, 

the tree searched by Q-DLL is represented in Figure 7, where we use the same conventions 
as in Section 3. 

In the 2001 work of Giunchiglia, Narizzano, and Tacchella (2001), it is shown that the 
exploration of some branches is not necessary. In particular, if p is the input QBF and /i is 
an assignment, we show how it is possible to compute a "reason" for the (un)satisfiability 
of Pn while backtracking. Intuitively speaking, a reason for the result of p^ is a subset v of 
the literals in /j, such that for any other assignment /i' 

• which assigns to true or false the same literals assigned by ji (i.e., such that {\l\ : 
/ is in fi'} = {\l\ : Hs in //}); and 

• which extends ly (i.e., such that 1/ C : / is in //'}), 
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_{} 

{{yi,y2,x2}, {yi,y2, X2, x^}, {yi,x2, xs}, 

{yi,xi,X3}, {yi,y2,x2},{yi,y2,x2},{yi,xi,y2,X3}} 
. I 



(yi,L){yi} 



{{y2,X2}, {y2,X2,X3}, {X2, X3}} 

1 ^ 1 



(y2>L){j/i} 

(X2,u){yi} 
{x3,v){yi} 

1,X2,X3} {} {y^} 



(y2,R) 

{{2^2, X3}, {X2,X3}} 

(x2,l) 
(^3,U) 
{} 



{{xi,X3},{y2,X2},{y2,X2},{xi,y2,X3}} 

_l ' , 

(2:3, U){} (X3,P) 

{y2,p){} (y2,p) 

{yi,y2,X2}{x2,V){} {X2,V) 

{{}} {yi,y2,x2} {{}} 



Figure 7: The resolution corresponding to the tree generated by Q-DLL for (11). The prefix 

is Vyi3xiV2/23x23x3. 



(f^i is equivalent to (/?^. Then, by computing reasons, we can avoid to right split on a 
literal / if I is not in the reason: assigning / to false would not change the result. The 
resulting procedure is a generalization to QBF of the popular Conflict-directed Backjumping 
(CBJ) (Prosser, 1993b), but also introduces the concept of Solution-directed Backjumping 
(SB J), for avoiding useless splits on universal variables. 

In a later paper, Giunchiglia, Narizzano, and Tacchella (2003) show how it is possible 
to optimize the computation of reasons. In particular, in that paper, it is shown that 

• assuming ip^ is unsatisfiable, we can consider reasons being a subset of the existential 
literals in /x, while 

• assuming ip^ is satisfiable, we can consider reasons being a subset of the universal 
literals in //. 

Apart from these optimizations, the tree searched by the procedures described in the former 
and latter papers is the same, and, in the case of (11), the exploration of the branches 
starting with {y2,'R.), {xi,r) will be skipped (see Figure 7). 

We now show that the computation of the resolutions corresponding to Q-DLL allows 
to avoid the exploration of some branches pretty as much as CBJ and SBJ do: In the case 
of the QBF (11), the branches being skipped will be the same skipped by CBJ and SBJ. 

The key point is to think about Q-DLL as a procedure producing a clause (resp. term) 
deduction of the empty clause (resp. term), proving that ip is unsatisfiable (resp. satisfiable). 
Then, according to the rules we use for associating a deduction to the tree searched by Q- 
DLL, we have that: 

• If C is the clause associated with a node fi; I and I ^ C, then the clause associated 
with the node fi is C, even if / is existential and it has been assigned as left split. 
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function Q-DLL-BJ[ip, fj,) 

1 if ((a clause C is /x-contradicted)) 

2 return C; 

3 if ((the matrix of (^^ is empty)) return ModelGenerate{iJ,); 

4 if {{I is unit in ip^)) 

5 C := (a clause in the matrix of (p which causes I to be unit in (/?^); 

6 WR := Q-DLL-BJ{ip, /i; I); 

7 if {{WR is a term) or J ^ WR) return WR; 

8 return Rcc-C-Rcsolve{ip, WR, C, Z, jx); 

9 if ((/ is monotone in p^)) return Q-DLL-BJ{(p, fi;l); 

10 / := (a literal at the highest level in ipn); 

11 WR := Q-DLL-BJ{ip, fi; I); 

12 if ((/ is existential) and {{WR is a term) or I WR)) return WR; 

13 if ((/ is universal) and {{WR is a clause) or I WR)) return WR; 

14 WR' := Q-DLL-BJ{^,n;l); 

15 if ((/ is existential) and {{WR' is a term) or I ^ WR')) return WR'; 

16 if ((/ is universal) and {{WR' is a clause) or / WR')) return WR'; 

17 if ((/ is existential)) return Rec-C-Resolve{(p,W R' ,W R, I, n); 

18 return T-Resolve{WR',W R, I, fi). 

Figure 8: The algorithm of Q-DLL-BJ. 

• Analogously, if T is the term associated with a node n; I and I ^ T, then the term 
associated with the node /x is T, even if I is universal and it has been assigned as left 
split. 

The above rules do not take into account the clause/term associated with the node n;l, and 
thus there is no need to explore the branch starting with /x; I. 

Consider for example Figure 7, in which we use the standard conventions and, e.g., write 
the clause (resp. term) associated with each node fi in red (resp. green) to the right of 
the node. With reference to the figure, it is clear that considering the term {y^} associated 
with the node yi;y2, there is no need to explore the branch starting with (7/2, R) in order to 
associate a -entailed term with the node Iji. Similarly, considering the empty clause {} 
associated with the node yi;xi, there is again no need to explore the branch starting with 
(xi,r) in order to associate a yi -contradicted clause with the node yi. 

The procedure Q-DLL-BJ{ip, /j) in Figure 8 incorporates these ideas. In the figure, 

• ModelGenerate{n) returns the minimal form of a non-contradictory and /x-entailed 
term T such that 

- for each clause C G C n T 7^ 0; and 

— for each universal literal I in n assigned as monotone, I ^T. 

• Rec-C-Resolve{(p, Ci, C2, 1, n) is as in Figure 6. 
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• T-Rcsolvc{Ti,T2) returns the resolvent of the term resolution between the two terms 
Ti and T2. 

The behavior Q-DLL-BJ can be illustrated in a few words by saying that Q-DLL-BJ{ip, ji) 
computes and returns the clause /term that would be associated with the node ji in the tree 
explored by Q-DLL. In particular, assuming 

• that WR is the clause (resp. term) returned by Q-DLL-BJ{(p, 

• that I is existential (resp. universal); and 

• that I has been assigned as left split, 

Q-DLL-BJ{ip, IJ,) does not explore the branch starting with /x; I if I WR (resp. I ^ WR), 
see line 12 (resp. line 13) in Q-DLL-BJ. 

So far, with reference to Figure 7, we can interpret the clause (resp. term) in red 
(resp. green) to the right of a node fi as the value returned by Q-DLL-BJ {(p, /j,). Then, 
considering the term {y^} associated with the node yi]y2, Q-DLL-BJ does not explore the 
branch starting with (7/2, R)- Similarly, considering the empty clause {} associated with the 
node yi;xi, Q-DLL-BJ again does not explore the branch starting with (xi, r). 

Theorem 11 Q-DLL-BJ (if, e) returns the empty clause if if is false, and the empty term 
if (p is true. 

Proof. (Sketch) It is enough to notice that: 

• If a node has associated a clause C, then C is /Lt-contradicted, and C is the result 
of a sequence of clause resolutions. 

• If a node has associated a term T, then T is //-entailed, and T is the result of a 
sequence of model generations and term resolutions. 

Then, as in the previous section: 

• If the empty clause is associated with the initial node e, then (p is false. 

• If the empty term is associated with the initial node e, then tp is true. □ 

4.2 Learning 

Learning is a well known technique in SAT for avoiding the useless traversal of branches. In 
SAT, learning amounts to storing (clause) resolvents associated with the nodes of the tree 
explored by DLL: these resolvents are called "nogoods" and can be simply added to the set 
of input clauses. 

In the case of QBFs, the situation is different and more complicated. Indeed, we have 
two types of resolutions ( "term" and "clause" ) , and while the resolvents of clause resolutions 
can be added conjunctively to the matrix, the resolvents of term resolutions (that we will 
call "goods") have to be considered as in disjunction to the matrix. 

In practice, we have to handle three sets of formulas: 
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• a set ^' of terms corresponding to the goods learned during the search; 

• a set $ of clauses corresponding to the matrix of the input QBF; and 

• a set Q of clauses corresponding to the nogoods learned during the search. 

Formally, if is a QBF of the form (1), a QBF Extended with Learning (EQBF) is an 
expression of the form 

QlZi...QnZn{^,^,e) (n>0) (12) 

where 

• ^' is a set of terms, also called goods, to be interpreted disjunctively. Each good is 
obtained by model generation and/or term resolution from (p; 

• 6 is a set of clauses, also called nogoods, to be interpreted conjunctively. Each nogood 
is obtained by clause resolution from ip. 

Clearly, 

QiZi...QnZn{-^y ^) 

and 

QlZi...QnZn{^ A&) 

are equivalent to (1). 

Initially ^ and @ are the empty set, and $ is the input set of clauses. As the search 
proceeds, 

• Nogoods are determined while backtracking from a contradiction (i.e., on an assign- 
ment iJ, and is unsatisfiable) and are possibly added to G; and 

• Goods are determined while backtracking from a solution (i.e., on an assignment /x 
and ip^ is satisfiable) and are possibly added to 

In the following, we will use the term constraints when we want to refer to goods and 
nogoods indifferently. 

Consider an EQBF (12). Because of the constraints in * and/or G, the search can be 
pruned considerably. Indeed, while descending the search tree, any literal can be assigned 
as long as we are guaranteed that we can reconstruct a valid clause/term deduction -while 
backtracking- of the empty clause/term. The availability of already derived clauses/terms 
allows to prune the search because of the constraints in * or Q: Given an assignment fi, 
if there exists a /x-contradicted clause C G G (resp. a /Lt-satisfied term T G *) we can stop 
the search and return C (resp. T). A term T is jJL-satisfied if 

• for each literal Z in T, I is not in /x; and 

• for each universal literal Hn T, Z is in jj,. 

Clearly, a /x-entailed term is also /x-satisfied. Further, we can extend the notion of unit to 
take into account the constraints in ^ and/or G. A literal I is 

• unit in a EQBF (12) if 
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function Rec-Resolve{'ip ^ Wi, W2, 1, n) 

1 5 := {/ : / e VFiJg VF2}; 

2 if (5 = 0) return Resolve{Wi, W2); 

3 V := (a literal in Wi with level < than the level of all the literals in VFi}); 

4 W := {a constraint in ijj which causes I' to be unit in ^^/, where /j.'; I' is a prefix of /x); 

5 W3 := Resolve{Wi,W); 

6 return Rec-Resolve{ijj , W3, W2, 1, fi)- 

Figure 9: The algorithm of Rec-Resolve. 

— either I is existential and for some m > 0, 

* a clause {/, /i, . . . , Im} belongs to $ or B, and 

* each expression V|Zj| (1 < i < m) occurs at the right of in the prefix of 
(12). 

— or Z is universal and for some m > 0, 

* a term {I, Zi, . . . , Z^} belongs to and 

* each expression 3|Zj| (1 < z < m) occurs at the right of V|Z| in the prefix of 
(12). 

As for the definition of monotone literals, the crucial property that has to be ensured when 
dealing with EQBFs, is that an existential (resp. universal) literal I assigned as monotone 
in ii\ I should never enter in a nogood (resp. good) associated with a node extending /x; I. 
This is guaranteed by defining a literal Z as monotone or pure if and only i^ 

• either Z is existential and Z does not belong to any constraint in $ U 0; 

• or Z is universal and Z does not belong to any constraint in * U 

Because of the possibility of assigning also universal literals as unit, it may be the case 
that some term resolutions may be blocked because of some existential literals Z and I, each 
occurring in one of the terms to be used in the antecedents of the term resolution. However, 
the procedure Rec-C-Resolve presented in in Subsection 3.3 can be easily generalized to 
work also for the case in which the constraints to be resolved are terms. The result is the 
procedure Rec-Resolve{ijj, Wi, W2,l, n) in Figure 9, where it is assumed that 

1. ^ is an EQBF; 

3. There are various ways to guarantee that an existential literal / assigned as monotone in fj,; I does not 
enter in a nogood associated with a node extending fj,; I. Another one is to 

• keep the definition of existential monotone literal unchanged: An existential literal can be assigned 
as monotone in (12) if I does not belong to any clause in and 

• update G to (or proceed in the search as if 6 has been updated to) Q \ {C : C € 0,1 G C}. 

Analogously for universal monotone literals. See the work of Giunchiglia, Narizzano and Tac- 
chella (2004a) for more details and possibilities, including a discussion about the interaction between the 
monotone rule and learning. 
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2. /x; Hs an assignment; 

3. I is an existential (resp. universal) literal which is either unit or at the highest level 
in tp^i; 

4. Wi is a clause (resp. term) containing I (resp. I), in minimal form and /x; Z-contradicted 
(resp. /x; Z-satisfied); 

5. W2 is a clause (resp. term) containing I (resp. I), in minimal form and /x; I-contradicted 
(resp. yu; I-satisfied). Further, if Z is unit in 1/;^, then W2 is a clause (resp. term) which 
causes I to be unit in ■0^; 

6. for each existential (resp. universal) literal I' assigned as unit in /u';Z', with a 
prefix of there has to be a clause (resp. term) in ip which causes I' to be unit in 

7. Resolve(Wi,W2) returns C-ResoJve(VFi, VF2) (resp. T-Resolve{Wi,W2)). 

If {ip, Wi, W2, 1, jj) satisfy the first 6 of the above 7 conditions, we say that the pair {Wi, W2) 
is to be iJ,;l-Rec-Resolved (in ip). 

In the above, if ip is (12), is defined as the EQBF obtained from tp by 

• removing from $ and Q (resp. ^') the clauses C (resp. terms T) with I G C (resp. 
I e T), and by removing I (resp. I) from the other clauses in $ U (resp. terms in 
^'); and 

• removing Q\l\ from the prefix. 

If 11 = h;l2; . ■ - -Jm {m>0), tp^ is defined as (. . . {{ipi^)i^) ■ ■ .)«„. 

If {W\,W2) are to be fi;l-Rec-Resolved in ip, Rec-Resolve{ip,Wi,W2,l, /J.) returns a 
constraint in minimal form and /x-contradicted or /x-satisfied, as stated by the following 
lemma. 

Lemma 6 Let Wi and W2 be two clauses (resp. terms) such that {Wi,W2) is to be 
Rec-Resolved in a EQBF ip. Rec-Resolve(tp, Wi, W2, 1, terminates and returns a minimal 
clause (resp. term) which 

• is 11- contradicted (resp. fi- satisfied); and 

• does not contain existential literals whose negation has been (resp. universal literals 

which have been) assigned as monotone in jj,. 

Proof. (Sketch) The proof is equal to (resp. analogous to) the proof of Lemma 4 if Z is 
existential (resp. universal). □ 

The procedure Q-DLL-LN{ip, /v) incorporates the above new definitions and ideas, and 
is represented in Figure 10. Considering the figure, 

• the definition of ModelGener ate (p,) can be relaxed with respect to the definition pro- 
vided in Subsection 4.1 in order to return the minimal form of a non-contradictory 
and /x-satisfied term T such that 
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^ := {}; 

1 e := {}; 

2 function Q-DLL-LN{ip, ji) 

3 Q := (the prefix of (p)] 

4 $ := (the matrix of ip); 

5 if ((a /[/-contradicted clause C is in $ U ©)) 

6 return C; 

7 if ((a //-satisfied term T is in *)) 

8 return T; 

9 if ((the matrix of ip^ is empty)) return ModelGenerate{^); 

10 if ((/ is unit in (gj^-, 6))^)) 

11 W := (a constraint in U $ U which causes / to be unit in (Q(*, 9))^); 

12 M/i? := Q-DLL-LN{p,fi;l); 

13 if ((/ is existential) and {{WR is a term) or / W^i?)) return W^i?; 

14 if ((i is universal) and {{WR is a clause) or I H^i?)) return WR; 

15 VFi? := Rec-Resoive(g(^',$,e),PFi?,VF,Z,//); 

16 Learn{ii,WR); 

17 return VFi?; 

18 if ((/ is monotone in (Q(^', 6))^)) return Q-DLL-LN{(p, n; I); 

19 Z := (a literal at the highest level in c/?^); 

20 WR := Q-DLL-LN{ip, //; I); 

21 if ((/ is existential) and {{WR is a term) or I ^ WR)) return WR; 

22 if {{I is universal) and {{WR is a clause) or I iyi?)) return P^i?; 

23 WR' := Q-DLL-LN{ip,^;l); 

24 if ((/ is existential) and {{WR' is a term) or I ^ WR')) return WR'; 

25 if ((Z is universal) and {{WR' is a clause) or I ^ T^i?')) return WR'; 

26 M^i? := Rec-Resolve{Q{^,^,e),WR',WR,l,i^); 

27 Learii(//,VFi?); 

28 return WR. 



Figure 10: The algorithm of Q-DLL-LN. 

— for each clause C G C n T 7^ 0; and 

— for each universal literal I in // assigned as monotone, I ^T. 

• Learn{iJ,, WR) updates the set of goods and nogoods according to a given policy. Here 
we simply assume that Learn{p,, WR) updates ^ and Q to and 0' respectively, and 
that and 6' satisfy the following conditions: 

— is a subset of U {PFi?} if WR is a term, and of * otherwise; 

— 0' is a subset of U {PFi?} if WR is a clause, and of otherwise; and 

— for each existential (rcsp. universal) literal I assigned as iniit in an initial prefix 
IJ,'; I of fi, &' U ^ (resp. \1'') still contains a clause (resp. term) that causes / to 
be assigned as unit in ((5(^'', $, 0'))^/. 
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With reference to Figure 9, this last condition is necessary in order to guarantee the 
existence of a constraint W satisfying the condition at hne 4. 

The above conditions on Learn{iJ., WR) are very general and ensure the soundness and 
completeness of Q-DLL-LN. 

Theorem 12 Q-DLL-LN (ip,e) returns the empty clause if cp is false, and the empty term 
if (f is true. 

Proof. Analogous to the proof of Theorem 11. □ 

To understand the benefits of learning, assume the input QBF is (4). The corresponding 
EQBF is 

3xiyy3x23x3{{}, {{xi,y, X2}, {y, X2}, {.X2, X3}, {xi,y, X3}, {y, X2, X3}}, {}), 

and the search proceeds as in Figure 2, with the first path leading to the empty matrix, 
which starts the term resolution process. Assuming the term min{{y, X2}) = {y} is added 
to the set of goods before checking the value of (fxi;y, as soon as xi is assigned to true, 

• y is detected to be unit and it is correspondingly assigned; and 

• the path corresponding to the assignment xi;y is not explored. 

As this example shows, (good) learning can avoid the useless exploration of some branches 
that would be explored with a backtracking or backjumping schema. Indeed, we have been 
assuming that the deduced term is learned while backtracking. A policy according to which 
Learn{fi, WR) simply adds WR 

• to 6 if WR is clause; and 

• to ^' otherwise, 

can be easily implemented. However, such simple policy may easily lead to store an expo- 
nential number of goods and/or nogoods (notice that we have a call to Learn{iJ,,WR) for 
each literal assigned as unit or right split). Thus, practical implementations incorporate 

policies guaranteed to be space bounded, i.e., ones that store a polynomial number of goods 
and nogoods at most. In SAT, the three most popular space bounded learning schemes are: 

• Size learning of order n (Dcchtcr, 1990): a nogood is added to G if and only if its 
cardinality is less or equal to n. Once added, it is never deleted. 

• Relevance learning of order n (Ginsberg, 1993): given a current assignment a 
nogood C is always added to 0, and then it is deleted from O as soon as the number 
of literals I in C and with I ^ /x is bigger than n. 

• Unique Implication Point (UIP) based learning (Marques-Silva & Sakallah, 1996): a 
nogood C is stored if and only if C contains only one literal at the maximum decision 

level. Given an assignment fi, the decision level of a literal Z in ^ is the number of 
splits done before I in 11. With UIP based learning, the set Q of added clauses is 
periodically inspected and clauses are deleted according to various criteria. 
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Thus, in size learning, once a nogood is stored, it is never deleted. In relevance and UIP 
based learning, nogoods arc dynamically added and deleted depending on the current as- 
signment. See the work of Bayardo (1996) for more details related to size and relevance 
learning (including their complexity analysis), and the work of Zhang, Madigan, Moskewicz 
and Malik (2001) for a discussion of various UIP based learning mechanisms for SAT. Size, 
relevance, UIP based learning are just a few of the various possibilities for limiting the 
number of stored clauses, and each one can be generalized in various ways when considering 
QBFs instead of SAT formulas. In the next section, we will present the particular learning 
schema that we implemented in QuBE. 

5. Implementation and Experimental Analysis 

In this section we first describe in some details the implementation of nogood and good 
learning in QuBE, and then we report on some experimental analysis conducted in order to 
evaluate the (separate) benefits of nogood and good learning, but also the relative efficiency 
of our solver when compared to other state-of-the-art QBF solvers. 

5.1 Implementation in QuBE 

To evaluate the benefits deriving from learning, we have implemented both good and no- 
good learning in QuBE. QuBE is a QBF solver based on search which, on non-random 
instances, compares well with respect to other state-of-the-art solvers based on search, like 
SEMPROP (Letz, 2002), YQUAFFLE (Zhang & Malik, 2002a), i.e., the best solvers based 
on search on non-random instances according to (Le Berre, Simon, &; Tacchella, 2003), 
see (Giunchiglia, Narizzano, & Tacchella, 2004c) for more details. 
Besides learning, the version of QuBE that we used features 

• efficient detection of unit and monotone literals using lazy data structures as in (Gent, 
Giunchiglia, Narizzano, Rowley, & Tacchella, 2004); 

• a branching strategy that exploits information gleaned from the input formula initially, 
and leverages the information extracted in the learning phase. 

See (Giunchiglia, Narizzano, & Tacchella, 2004b) for a description of these characteristics. 

As for learning, the computation of nogoods and goods corresponding to the internal 
nodes of the search tree is carried out by doing clause and term resolution between a 
"working reason" which is initialized when backtracking starts, and the "reasons" stored 
while descending the search tree 

• for each unit literal, the stored reason is a constraint in which the literal is unit; 

• for each literal assigned as right split, the stored reason is the constraint computed 
while backtracking on the left branch; 

• for monotone literals, the way working reasons are initialized ensures that existential 
(resp. universal) monotone literals never belong to a working reason computed while 
backtracking from a contradiction (resp. solution). 



400 



Clause/Term Resolution and Learning for Quantified Boolean Formulas 



Assume that = h; h', ■ ■ ■ ] Im is the assignment corresponding to the leaf under con- 
sideration. Considering the problem of initializing the working reason, the way we do it in 
QuBE is to 

• return a /i-contradicted clause in the matrix of the input QBF or in the set of learned 
nogoods, if we have a contradiction; and 

• compute the minimal form of a //-satisfied prime implicant of the matrix which con- 
tains as few universal literals as possible, if we have a solution. 

In the second case, the computation of a prime implicant is important in order to have short 
reasons, while having as few as possible universal literals is important in order to backjump 
nodes. The above requirements are met by recursively removing irrelevant literals from the 
set of literals in /x, starting from the universals ones. Given a set S of literals, we say that 
a literal is irrelevant in S if for each clause C in the matrix with I G C there exists another 
literal I' in S with I' G C. If prime{iJ.) is the set of literals being the result of the recursive 
procedure, the term /\ prime{^) 

• is satisfied by /x; 

• is a prime implicant of the matrix of the input QBF; 

• is such that there does not exist another term satisfying the first two properties and 
with a smaller (under set inclusion) set of universal literals. 

In order to further reduce the number of universal literals in the initial goods, we take 
advantage of the fact that the assignment ji may be partial: For some literal / it may be 
the case that neither I nor I is in fi. Then, we can use the existential literals not in 
and with level lower than the level of all the universal literals in ji assigned as left split, in 
order to further reduce the number of universals in prime{fi). In fact, for any sequence fi' 
of literals extending /x with existential literals, the set of universals in prime{ii') is a subset 
of prime{ii). For instance, considering the QBF (11) if = y^; 7/2; ^2; 2^3, then 

• prime{ii) is {y^, 2/2, ^2, ^3}; and 

• if we extend to ji' = fj,;xi then prime{iJ,') is {xi, 2/2, ^2, ^3}- 

Finally, when evaluating which universal literals in /x are irrelevant, we follow the reverse 
order in which they have been assigned, in order to try to backjump as high as possible in 
the search tree. 

As we said in the previous section, besides the problem of setting the initial working 
reason, another problem with learning is that unconstrained storage of clauses (resp. terms) 
obtained by the reasons of conflicts (resp. solutions) may lead to an exponential memory 
blow up. In practice, it is necessary to introduce criteria 

1. for limiting the constraints that have to be learned; and/or 

2. for unlearning some of them. 
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The implementation of learning in QuBE works as follows. Assume that we are backtracking 
on a literal / assigned at decision level n. The constraint corresponding to the reason for 
the current conflict (resp. solution) is learned only if the following conditions are satisfied: 

1. / is existential (resp. universal); and 

2. all the assigned literals in the reason except I, are at a decision level strictly lower 
than n; and 

3. there are no open universal (resp. existential) literals in the reason that are before I 
in the prefix. 

Notice that these three conditions ensure that I is unit in the constraint corresponding 
to the reason. Once QuBE has learned the constraint, it backjumps to the node at the 
maximum decision level among the literals in the reason, excluding I. We say that I is 
a Unique Implication Point (UIP) and therefore the lookback in QuBE is "UIP based". 
Notice that our definition of UIP generalizes to QBF the concepts first described by Silva 
and Sakallah (1996) and used in the SAT solver GRASP. On a SAT instance, QuBE lookback 
scheme behaves similarly to the "1-UIP-learning" scheme used in zCHAFF (and described 
in Zhang et al., 2001). Even if QuBE is guaranteed to learn at most one clause (resp. term) 
per each conflict (resp. solution), still the number of learned constraints may blow up, as 
the number of backtracks can be exponential. To stop this course, QuBE scans periodically 
the set of learned constraints in search of those that became irrelevant, i.e., clauses (resp. 
terms) where the number of open literals exceeds a parameter n, corresponding to the 
relevance order. Thus, our implementation uses UIP based learning to decide when to store 
a constraint, and a relevance based criteria to decide when to forget a constraint. In the 
experimental analysis presented in the next subsection, the parameter n has been set to 20 
and the set of learned constraints is scanned every 5000 nodes. 

Besides the above learning mechanism, our current version of QuBE features lazy data 
structures for unit literal detection and propagation (as described in Gent ct al., 2004), 
monotone literal fixing (as described in Giunchiglia et al., 2004a), and a Variable State In- 
dependent Decaying Sum heuristic (VSIDS) (as introduced in SAT by Moskewicz, Madigan, 
Zhao, Zhang, & Malik, 2001). As in SAT, the basic ideas of our heuristic are to (i) initially 
rank literals on the basis of the occurrences in the matrix, (if) increment the weight of the 
literals in the learned constraints, and (iii) periodically divide by a constant the weight of 
each literal. 

5.2 Experimental Results 

To evaluate the effectiveness of our implementation, we considered the 450 formal verifica- 
tion and planning benchmarks that constituted part of the 2003 QBF solvers comparative 
evaluation^: 25% of these instances comes from verification problems (described in Scholl 
& Becker, 2001; Abdelwaheb & Basin, 2000), and the remaining are from planning do- 
mains (described in Rintanen, 1999; Castellini, Giunchiglia, &: Tacchella, 2001). We start 
our analysis considering QuBE with and without learning enabled. Both versions of QuBE 

4. With respect to the non-random instances used in the 2003 QBF comparative evaluation, our test set 
does not include the QBF encodings of the modal K formulas submitted by Pan and Vardi (2003). 
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Figure 11: Effectiveness of learning: QuBE versus QuBE(cbj,sbj). CPU time (left) and 
number of backtracks on the instances solved by both solvers (right) . 



compute goods and nogoods in order to backjump over irrelevant existential and universal 
branching nodes. They differ in the treatment of the computed goods and nogoods: 

• when learning is enabled, QuBE records both goods and nogoods; 

• when learning is disabled, QuBE records neither nogoods nor goods. 

We call the two versions QuBE(cln,SLn) and QuBE(CBJ,SBj) respectively, in order to 
specify the type of look-back used by the two systems. Notice that we did not consider 
QuBE with backtracking (i.e., the version which computes neither nogoods nor goods and 
performs simple chronological backtracking) because it is not competitive with the other 
solvers. 

All the experiments were run on a farm of identical PCs, each one equipped with a 
Pentium 4, 3.2GHz processor, 1GB of RAM, running Linux Debian (sarge). Finally, 
each system had a timeout value of 900s per instance. 

Figure 11 left shows the performances of QuBE(cln,sln) versus QuBE(cBj,SBj). In 
the plot, the x-axis is the CPU-time of QuBE(cln,sln) and the y-axis is the CPU-time of 
QuBE(cBJ,SBj). A plotted point {x, y) represents a benchmark on which QuBE(cln,sln) 
and QuBE(cb,i,sb,i) take x and y seconds respectively.^ For convenience, we also plot the 
points {x,x), each representing the benchmarks solved by QuBE(cln,SLN) in x seconds. 
The first observation is that learning pays off: 

5. In principle, one point (x,y} could correspond to many benchmarks solved by QuBE(cln,SLn) and 
QuBE(cBj,SBj) in X and y seconds respectively. However, in this and in the other scatter diagrams that 
wo present, each point (except for the point (900, 900), representing the instances on which both solvers 
time-out) corresponds to a single instance in most cases. 
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BsBE|flKli*,|ln> QuBE(rad^lfl,sln) 

Figure 12: Effectiveness of learning with a random heuristic: QuBE(rnd,cln,sln) [3] ver- 
sus QuBE(rnd,cbj,sbj)[3]. CPU time (left) and number of backtracks on the 
instances solved by both solvers (right). 



• QuBE(cln,sln) (resp. QuBE(cbj,sbj)) is able to solve 16 (resp. 1) instances that 
are not solved by QuBE(cBJ,SBj) (resp. QuBE(cln,sln)); and 

• among the instances solved by both solvers, QuBE(cln,sln) (resp. QuBE(cbj,sbj)) 
is at least one order of magnitude faster than QuBE(cBJ,SBj) (resp. QuBE(cln,sln)) 
on 39 (resp. 0) instances. 

In order to have an implementation-quality independent measure of the pruning introduced 
by learning, the right plot in the figure shows the number of backtracks (i.e., the number 
of solutions and conflicts found) of QuBE(cbj,sbj) versus QuBE(cln,sln) on the 358 
problems solved by both systems. Here a plotted point (x, y) represents a benchmark 
that is solved by QuBE(cln,sln) and QuBE(cbj,sbj) performing x and y backtracks 
respectively. As it can be seen, learning substantially prunes the search space: There is no 
point below the diagonal, meaning that it is never the case that QuBE(cbj,sbj) performs 
less backtracks than QuBE(cln,sln).^ Still, learning has some overhead, and thus the 
pruning caused by learning not always pays off in terms of speed, as proved by the few 
points below the diagonal in the left plot. 

The above experimental data are not entirely satisfactory for two reasons. 

First, learning and the heuristic are tightly coupled in QuBE: Whenever QuBE learns a 
constraint, it also increments the score of the literals in it. In QuBE(cBJ,SBj) no constraint 

6. This does not imply that the tree searched by QuBE(cln,sln) is a subtree of the tree searched by 
QuBE(CBj,SBj): Indeed, the hteral selected at each branching node by the two systems is not guaranteed 
to be the same. 
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Figure 13: Effectiveness of conflict learning: QuBE(rnd,cln,sln) [3] versus 
QuBE(rnd,cbj,sln)[3]. CPU time (left) and number of conflict backtracks on 
the instances solved by both solvers (right). 



is ever learned. As a consequence, in QuBE(cbj,sbj), (i) literals are initially sorted on the 
basis of their occurrences in the input QBF, and (ii) the score of each literal is periodically 
halved until it becomes 0. When all the literals have score 0, then literals at the same prefix 
level arc chosen according to their lexicographic order. 

Second, independently from the heuristic being used, a plot showing the performances of 
QuBE with and without learning, does not say which of the two learning schemes (conflict, 
solution) is effective (Gent &; Rowley, 2004). 

To address the first problem, we consider QuBE with a random heuristic, i.e., a heuristic 
which randomly selects a literal among those at the maximum level and not yet assigned. 
We call the resulting systems QuBE(rnd,cln,sln) and QuBE(rnd,cbj,sbj) respectively: 
As the names suggest, the first has learning enabled, while in the second learning has been 
disabled. Because of the randomness, we run each solver 5 times on each instance. Then, 
we define QuBE(rnd,cln,sln) [i] to be the system whose performances arc, on a each 
instance, the i-th best among the 5 results obtained by running QuBE(rnd,cln,sln) on 
that instance. QuBE(rnd,cbj,sbj)[z] is defined analogously. 

Figure 12 shows the CPU time (left) and number of backtracks on the solved instances 
(right) of QuBE(rnd,cln,sln)[3] and QuBE(rnd,cbj,sbj) [3]. From the plots, it is easy 
to see that QuBE(rnd,cln,sln) [3] is faster than QuBE(rnd,cbj,sbj) [3] in most cases. 
To witness this fact 

• QuBE(rnd,cln,sln) (resp. QuBE(rnd,cbj,sbj)) is able to solve 21 (resp. 2) in- 
stances that are not solved by QuBE(cbj,sbj) (resp. QuBE); and 
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QuBE(rnd,cln,sln) |uffi|m4cMnl 



Figure 14: Effectiveness of solution learning: QuBE(rnd,cln,sln)[3] versus 
QuBE(rnd,cln,sbj)[3]. CPU time (left) and number of solution back- 
tracks on the instances solved by both solvers (right). 



• among the instances solved by both solvers, QuBE (resp. QuBE(cBJ,SBj)) is at least 
one order of magnitude faster than QuBE(cBJ,SBj) (resp. QuBE) on 68 (resp. 2) 
instances. 

Still, it is no longer the case that enabling learning always causes a reduction in the number 
of backtracks. This can be because of the different literals selected at each branching node, 
but also because pruning a node may prevent a "long backjump" (Prosser, 1993a) which 
would cause a vast reduction of the search space. Interestingly, comparing with the results 
in Figure 11, it seems that with a random heuristic learning becomes more important. This 
fact witnesses also in our setting the well known tension between look-ahead and look-back 
techniques: A "smart" look-ahead makes the look-back less important, and viceversa. 

To address the second problem, we considered the systems QuBE(rnd,cbj,sln) and 
QuBE(rnd,cln,sbj), i.e., the systems obtained from QuBE(rnd,cln,sln) by disabling 
conflict learning and solution learning respectively. As usual, each system was run 5 times 
on each instance, and QuBE(rnd,cbj,sln) [i] and QuBE(rnd,cln,sbj) [i] (1 < i < 5) 
are defined as before. The left plots in Figures 13 and 14 show the performances of 
QuBE(rnd,cln,sln)[3] versus QuBE(rnd,cbj,sln)[3] and QuBE(rnd,cln,sbj) [3] re- 
spectively. We also measured the number of backtracks. However, in order to better 
highlight the pruning due to conflict (resp. solution) learning, the right plot in Figure 13 
(resp. 14) shows the number of conflict (resp. solution) backtracks of QuBE(rnd,cbj,sln)[3] 
(resp. QuBE(rnd,cln,sbj)[3]). From the plots, we see that both conflict and solution 
learning prune the search space and pay off: In each plot, there are only a few points 
well below the diagonal. Comparing the two left plots, we also see that, on the test set 
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Table 2: Comparison among various versions of QuBE. Each row compares a system writ- 
ten in the first column with respect to QuBE(rnd,cln,sln) [3] taken as reference. 
If A is QuBE(rnd,CLN,SLn) [3] and i? is a solver in the first column, then the other 
columns report the number of problems that: "=", A and B solve in the same 
time; "<", A and B solve but A takes less time than B; ">", A and B solve but A 
takes more time than B; "<C", A solves while B does not; A does not solve 

while B does; "m", A and B do not solve; "xl0<", both A and B solve but on 
which A is at least one order of magnitude faster; "x0.1<", both A and B solve 
but on which A is at least one order of magnitude slower; "TO" , B does not solve. 
The number of timeouts for QuBE(rnd,cln,sln)[3] is 89. 

that we considered, solution learning helps in solving problems more than conflict learning: 
QuBE(rnd,cb,i,sln)[3] times out on 101 while QuBE(rnd,cln,sbj) [3] times out on 107. 
On the other hand, the two right plots suggest that conflict learning prunes more than solu- 
tion learning, but this conclusion is not correct. Indeed, each plot shows either the number 
of conflicts or the number of solutions: Pruning a node (no matter whether existential or 
universal) may avoid finding (exponentially many) solutions and/or conflicts. In particular, 
given that all the instances are in CNF and thus have the form 

. . . Vy3a;i3x2 . . . 

(n > 1) pruning s-ny variciblG not in "[xi, • • • •> 

} has the potential to prune 2" conflicts. 
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Some further and more detailed quantitative information about the CPU times is re- 
ported in Table 2. From the last column in the tabic we see that, if we indicate with TO(S') 
the number of timeouts of system S, then, for each i € {1, 2, 3, 4, 5}, 

TO ( Q UB E ( RND , C B J , SLN ) [ll ) rr.^/^ t^t^/ 
TO(QuBE(rND,CLN,SLN)M) < ^„ ( . ( < TO(QuBE(RND,CBJ,SBj)k ). 

^ ' ' ^Ljy TO(QuBE(rnd,cln,sbj)[z]) ^ ' ' vLjy 

The above gives an indication of the "capacity" of the solvers, i.e., of their ability to solve 
problems. In order to get an indication of their "productivity" , i.e., considering the problems 
that they solve, their ability to solve them quickly, we can consider the number FS(5') being 
the difference between the "xO.l >" and "lOx <" columns: The lower FS(6') is, the better 
S is. Here again we have 

xr.,. FS(QuBE(RND,CBJ,SLN)[i]) T^o/^ -m^/ \r-i\ 
FS(QuBE(rND,CLN,SLN) k ) < ' ' ( . ( < FS(QuBE(RND,CBJ,SBj) d) 

^ ' ' ^Lj/ FS(QuBE(rnd,cln,sbj)[z]) ^ ' ' /Lj/ 

for i £ {1,2,3,4,5}. From the above, it is clear that both conflict and solution learning 
allow to improve on capacity and productivity. Our experimental results thus seem to 
contradict the negative results reported in Gent's and Rowley's work (2004) for solution 
based look-back mechanisms. However, those results are not comparable with ours, given 
the different mechanisms implemented by the respective solvers (e.g., for computing the 
initial solution and for monotone literal fixing), and the different experimental setting (e.g., 
the testset). 

6. Conclusions and Related Work 

This paper is based on and extends (Giunchiglia et al., 2002) which introduces nogood and 
good learning for QBFs satisfiability. Here we show the correspondence between the com- 
putation trees searched by DLL based QBF solvers and clause/term resolution deductions. 
Nogoods and goods are the clauses and terms respectively in the resolution deductions. 
Under this perspective, learning simply amounts to storing nogoods and goods. We show 
how to incorporate nogoods and goods learning in DLL based QBF solvers by considering 
EQBFs (QBFs extended with learning), and then illustrate by means of examples that the 
computation of nogoods and goods: 

• allows for solution and conflict directed backjumping in the spirit of (Giunchiglia et al., 
2001, 2003); and 

• if stored, allows for pruning branches in other parts of the search tree. 

We present a high level description of algorithms incorporating such ideas, and formally 
prove their soundness and completeness. We also discuss the problems related to effective 
implementations in DLL based QBF solvers, and present (in some details) our implementa- 
tion in QuBE, a state-of-the-art QBF solver. The experimental analysis shows that QuBE 
enhanced with nogood and good learning is more effective, when considering a selection of 
nonrandom problems consisting of planning and formal verification benchmarks. We also 
show that QuBE is competitive with respect to the state of the art. 
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As we already said, our work builds on (Giunchiglia ct al., 2002). Other papers dealing 
with learning in QBFs satisfiability are (Letz, 2002), (Zhang & Malik, 2002a) and (Gent & 
Rowley, 2004). In particular, in (Lctz, 2002) conflict and solution learning are called lemma 
and model caching. The paper also proposes a technique based on model caching for deal- 
ing with QBFs having variable-independent subformulas. Zhang and Malik (2002a) propose 
conflict learning (which is then extended to solution learning in Zhang & Malik, 2002b). In 
the second paper, terms are called cubes. Gent and Rowley (2004) introduce a new form 
of solution learning: This new technique revisits less solutions than standard techniques, 
but the experimental results reported in the paper are not positive. All these works share 
the same intuitions and thus propose similar techniques. Though it is diflicult to establish 
a precise relation among these works due to the differences in the terminology and/or the 
different level of detail in the presentations,'' we believe that the main differences are at the 
implementation level, i.e., in the way solution and conflict learning have been implemented. 
It is therefore quite difficult if not impossible to compare the different alternatives, without 
re-implementing or recasting the different learning mechanisms or even the different solvers 
in a common framework. Indeed, the specific learning mechanism implemented within a 
solver may be motivated by the other characteristics of the solver, e.g., by the data struc- 
tures being used or by the heuristic. For instance, watched data structures (used, e.g., in 
QuBE, YQUAFFLE but not in SEMPROP) allow for more efficient detection and propaga- 
tion of unit and pure literals (Gent et al., 2004). As a consequence, solvers with watched 
data structures may profitably maintain huge databases for goods and nogoods. For solvers 
with standard data structures, the costs involved in managing such huge databases may 
overwhelm the advantages. Considering each of these solvers as a whole, the experimental 
analysis conducted in (Giunchiglia et al., 2004c) shows that our solver QuBE compares 
well with respect to SEMPROP and YQUAFFLE on the 450 formal verification and planning 
benchmarks that we considered also in this paper. 
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Appendix A. Proof of Lemma 4 

The proof is by well founded induction. Thus, the steps we follow are: 

1. the definition of a well founded order on tuples (Ci, C2, /x); 

2. the proof that the thesis holds for the minimal elements of the partial order; and 

3. assuming that the thesis holds for all the tuples (C3, C2, 1, jj) such that (C3, C2, /, n) ^ 
(Ci, C2, Z, /x), the proof that the thesis holds also for (Ci, C2, / , 

7. For instance, in (Letz, 2002; Zhang & Malik, 2002b) but also in our initial work (Giunchiglia et al., 
2002), the method used for computing the initial working reason corresponding to a solution (procedure 
ModelGenerate in Figure 10) is not detailed. 
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Wc have deliberately omitted what are the properties that the elements of the tuples 
(Ci, C2, / , /i) in the partial order have to satisfy. Indeed, the standard assumption would be 
that Ci and C2 be two clauses such that (Ci,C2) is to be fu,;l-Rec-C-Resolvcd. However, 
this is not sufficient. Indeed, it may happen that starting from two clauses {C'l, C2) to be 
jjL\ l-Rec-C-Resolved (line numbers refer to Figure 6) 

1. the set {Z : Z G Ci,I G C2, Hs universal} is not empty (see line 1); 

2. the clause C3 computed as in line 5 of Figure 6 is not fi; Z-contradicted; and thus 

3. the tuple (C3, C2, 1, fj) is not an element of the partial order. 

To better understand the problem, consider the following simple example: 
3xiVyi3x2V?/23x33x4{{x4}, {x2, y2, Xi}, {^2, xz), {xi, pi, xs}, {xi, yi, X2, xz}}. (13) 
For this QBF ip: 

1. Xi\X2\y2\xz\xi is an assignment producing a contradictory clause; 

2. ({xi, yi, X2, X3},{xi, pi, X3}) are to be X4; X2; 2/2; x^; xi-Rec-C-Resolved; 

3 . Rec- C-Resolve{ip, {a;i , yi , ^2 , X3 } , {xi , y ^ , X3 } , x 1 , ; X2 ; 2/2 ; 2:3 ; ^1 ) , 

(a) causes a call to Rec-C-Resolve{(p, {xi,yi,y2,X4}, {xi, y^^, X3}, xi, X4; X2; y2; x^; xi), 
in which the clause C3 = {xi, yi, y2, X4} is not X4; X2; y2; a^s; xi-contradicted; but 

(b) returns the clause {yi,X3} which is X4; X2; y2; 3:3; xi-contradicted, as expected. 

The fact that the universal literal y2 which causes C3 not to be X4; X2; y2; 2^3; xi-contradicted 
does not appear in the clause returned by Rec-C-Resolve is due to the following two facts: 

1. y2 has a lower level than the blocking literal yi; and 

2. the negation of all the existential literals in C3 with a level lower than y2 are assigned 
before y2 in X4; X2; y2; 3:3; xi. 

To formally define these notions, we need some additional notation. First, consider a 
given clause C2. ResCiiCi) is the set of literals in Ci with a level lower than a literal 
blocking the resolution between Ci and C2. Formally: 

Resc^iCi) = {l:le Ci,3l' e Blockingc^{Ci)level{l) < level{l')}, 

where 

• for each literal I, level{l) is the prefix level of I; and 

• BlockingQ^ () is the function defined by 

Blocking(-;^{Ci) = {Z : Z G Ci,I G C2, Hs universal} 

Let iJ, be an assignment. We say that a clause Ci is ji-contradictahle (with respect to 
C2) if 
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1. for each existential literal Z in Ci, I is in /x; 

2. for each universal literal Z in Ci, if / is in /x then 

(a) I € Resc^iCi); and 

(b) for each existential literal I' in Ci, if level{l') < level{l) then I' is to the left of I 
in /J,. 

Clearly, if a clause is //-contradicted then it is also //-contradictable. Considering the QBF 
(13), the clause {xi,yi,y2,X4} is not X4; 3^2; 2/2; 2:^3; -contradicted; but is X4,;X2;y2',X3;xi- 
contradictable (with respect to {xi,yi,xs}). 

Our well founded order and induction will be on the set of tuples (Ci, C2, /v,) in which 
Ci is jj,; /-contradictable. As a preliminary step, we first define the well founded order on 
literals according to which I' ^ I" if and only if either I' = I" or both I' and I" are in jj. and 
V has been assigned before I" in (i.e., I' is to the left of /" in fi). 

We extend the partial order relation ^ from literals to clauses (i) in minimal form, (ii) 
containing I, and {iii) /i; Z-contradictable, by saying that for two such clauses Ci and C3, 
C3 ^ Ci if 

• either C3 = Ci; 

• or 3/' G {Rcsg^{Ci)\Rcsg^{C3))\fl" G {Res^^{C3)\Resg^{Ci))l' ^ I", where J?esg^(Ci) 
is the subset of existential literals in Resc'2{Ci), and similarly for Rcs^^{C3). 

The above order is well foimdcd, and the minimal elements are such that Resc^iC) (or, 
equivalently, BlockmgQ^{C)) is empty. 

Finally, consider the set W of tuples (Ci, C2,l,fi) such that 

1. Hs an assignment; 

2. / is an existential literal which is either unit or at the highest level in (^^; 

3. Ci is a clause containing I, in minimal form and /x; Z-contradictable with respect to 
C2; 

4. C2 contains I, is in minimal form and is //; I-contradicted. Further, if I is unit in (p^, 
then C2 is a clause which causes I to be unit in (^^. 

On such set, we define a well founded order according to which (C3, C2, Z, /i) ^ (Ci, C2, Z, //) 
if C3 ^ Ci. 

Now consider the procedure Rec-C-Resolve in Figure 6. We prove by well founded 
induction that, for each tuple (Ci, C2, Z, ju) G W, Rec-C-Resolve{ip,Ci,C2,l, n) terminates 
and returns a clause C in minimal form and /i-contradicted. At the end, we will also show 
that if we further assume that Ci is //; /-contradicted (and not simply /x; Z-contradictable), 
then C does not contain existential literals whose negation has been assigned as monotone 
in /X. 

In the base case, Ci is such that Resc2iCi) is empty. Hence, for each universal literal 
Z G Ci, / is not in n and thus Ci is /x; Z-contradicted. Since Resc^iCi) is empty, the set S 
computed at line 1 is empty and thus Rec-C-Resolve(ip,Ci,C2,l, n) terminates returning 
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the resolvent C of C\ and C2. Clearly C is in minimal form, and it is easy to show that C 

is yU-contradictcd. 

For the step case, by induction hypothesis, we have that the thesis holds for Rec-C- 
Resolve{ip, C3, C2, 1, n) and we have to show that it holds also for Rec-C-Resolve{ip, Ci, C2, /, /J,), 
assuming (C3, C2, 1, jj) ■< (Ci, C2, Z, jj). If the set Resc2{Ci) is empty, then see the base case. 
Assume that Resc2{Ci) is not empty, and thus that also Blocking(^<^{Ci) is not empty. 

From here on, let /' be a literal in BlockingQ^{Ci) with the highest level. I' is not in /i 
because I' ^ Resc2{Ci) and Ci is Z-contradictable. I' is not in jj, because I' G C2 and C'2 
is /x; Z-contradicted. Further, level{l') < level{l). To see why, consider the only two possible 
cases: 

1. / is unit in ipfj_: Since I' G C2, and C2 is a clause which causes I to be unit in (^^, it 
must be level{l') = level{l') < level{l). 

2. Z is at the highest level in ip^: Since both I' and I' are not in fi and I is at the highest 
level in (p^, level{l') < level{l). On the other hand, level{l') ^ level{l) because I' is 
universal and I is existential. 

Since Ci is in minimal form, there exists an existential literal I" such that I" G Ci, I" is 
in and with lcvel{l") < lcvel{l') < lcvcJ{l). From here on, let li be an existential literal 
in Ci (not necessarily distinct from I") with level less than or equal to the level of all the 
literals in Ci (see line 3). Since 

levelih) < level{l') < level{l) (14) 

and li is in fi (because Ci is fi; /-contradictable), it follows that li has been assigned as unit, 
and thus there exists a clause C in if which causes li to be unit in ip^i, where /u';Zi is an 
initial prefix of (see line 4). 
Consider the set 

Blocking(j{Ci) = {I : I e C\,l G C, Hs universal}. 
Blocking(j{Ci) is empty. In fact, for each universal literal I" G C 

• if level{l") < level{li) then /" ^ Ci since Ci is in minimal form; 

• if ievei(/") > ievei(/i) then /" ^ h. Assume that /" G Ci. Since Ci is ft; Z-contradictable, 
h ^ I"- However, I" ^ li and h ^ I" is not possible because h ^ I" {h is existential 
and I" is universal). 

Since Blockingfj(Ci) is empty, we can resolve C and Ci on li, obtaining 

C3 = min{{CiUC)\{h,h}) 

as resolvent. C3 is in minimal form and it contains I. 

To show that C3 ^ Ci it remains to be showed that C3 is /z; Z-contradictable. Indeed, 
for each existential literal Z in C3, I is in fx, while for the universal literals in C3, consider 
the two cases: 
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1. BlockingQ^{Cs) is not empty. In this case, I' G BlockingQ^{C3). This is an easy 
consequence of the following facts: 

(a) for each literal 1" G Blockingc^{C) , level{l") < level{l'): F G C2 by definition of 
BlockingQ^{C) , hence I" is not in n because C2 is n; Z-contradicted, and therefore 
level{l") < level{li), and thus the thesis (see (14)); 

(b) Blockingc^iCs) = {Blockingc,^{Ci)UBlockingc2{C))nC3 and thus {Blockingc,^{Ci)U 
Blockingc^lO) \ Blockingc^iCs) = (C U Ci) \ l{li,h} U C3), i.e., the literals in 
Blocking(j^{Ci) U BlockingQ^{C) and not in BlockingQ^{C3) are those that have 
been omitted because of the minimal form of C3; 

(c) BlockingQ^{Cs) is not empty. 

Since I' G BlockingQ<^(C3) , the literals in Resc2{Ci) which are also in C3, also belong 
to J?esc2(C3), i.e., 

Resc, (C3) D Resc, (Ci) n C3. (15) 
Now consider a universal literal I" G Ci fl C3. If is in /j, then 

(a) I" G Resc2{Ci) because Ci is /x; Z-contradictable, and hence I" G ResCiiCs) 

(see (15)); 

(b) for each existential literal in Ci, if level{l"') < level{l") then -< I" because 
Ci is ;u; /-contradictable; 

(c) for each existential Uteral I'" 7^ h in C, V" < I". In fact, ievei(li) < level{l"), 
h d: I" because Ci is ji; Z-contradictable, and for each existential literal V" 7^ G 

Finally, consider a universal literal G C fl C3. If I" is in fi then level{l") < level{li) 
and hence 

(a) I" G Resc2{C3) because ieve7(/i) < lcvcl{l') (see (14)); and 

(b) for each existential literal I'" G C3, if level{l'") < level{l") then I'" G C and hence 

2. Blockingfy^^Cs) is empty. Let m be the lowest among the level of the literals in C3. 
lcvcl(l') < m since I' C3. Then, for each universal literal I" G C3, /" is not in fi, i.e., 
C3 is iJ,] /-contradicted. In fact, assume that there exists a universal literal /" G C3 in 
IJ,. Then, level{l") > m and either I" G Ci or I" G C. Consider the first case I" G Ci. 
Then, G 1^68(72(^1) because Ci is yu; /-contradictable, and then level{l") < lcvel{l'). 
But this is not possible because levcl{l") > m and level{l') < m. Consider the case 
I" G C. Then, level{l") < level(li) and hence level{l") < level{l') (see (14)) which is 
again not possible. 

Since C3 ^ Ci, {0^,02,1, fJ-) ^ {Ci,C2,l, fJ') , we can conclude by induction hypothesis that 
Rec-C-Resolve{ip, C3, C2, 1, IJ^) returns a clause in minimal form and //-contradicted. 
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Now wc make the further assumption that the input clause Ci is Z-contradicted. 
Then, Ci does not contain existential literals whose negation has been assigned as mono- 
tone, and the same holds for C2 and for each clause C used at line 5. Hence, Rec-C- 
Resolve{(p, C3, C2, 1, ji) returns a clause without existential literals whose negation has been 
assigned as monotone in ji. 
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